Incident Handler Job Description
Incident handler
provides DCO Network Security Monitoring, Detection, and Analysis; coordinate, de-conflict, and employ internal defensive measures within the DoDIN; assess new technologies and devices relevant to DCO.
Incident Handler Duties & Responsibilities
To write an effective incident handler job description, begin by listing detailed duties, responsibilities and expectations. We have included incident handler job description templates that you can modify and use.
Sample responsibilities for this position include:
Performs advanced analysis to include forensic seizures of hardware, malware triage and dynamic analysis, and determination of the scope of compromise during a cyber incident
Perform top-level threat analysis and investigate security events
Understands CSIRT functions and participates in analysis, containment, and eradication of cyber security events and incidents
Perform analysis of logs from various security controls, including, but not limited to, firewall, proxy, host intrusion prevention systems, endpoint security, application and system logs, to identify possible threats to network security
Coordinate response procedures with fellow CIRT members, other GM security teams, business partners, and executive leadership ·
Evaluates, proposes, and transforms capabilities, procedures, tactics, and techniques to better execute the IR mission
Safely acquire and preserve the integrity of data required for cyber incident analysis to help determine the technical/operational impact, root cause(s), scope, and nature of the cyber event or incident
Identify lessons learned to help improve infrastructure component protection strategies and cyber incident handling procedures to prevent a recurrence of the cyber event or incident
Acts as Incident Commander for high impact cyber breaches and advanced attacks in accordance with Cyber Kill Chain methodology and incident response process
Understand Incident Response processes and participate in analysis, containment, and eradication of cyber security events and incidents
Incident Handler Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Incident Handler
List any licenses or certifications required by the position: IAT, II, III, IAM, GCIH, SANS, CEH, GIAC, CISSP, ITIL
Education for Incident Handler
Typically a job would require a certain level of education.
Employers hiring for the incident handler job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Associate Degree in Information Security, Information Systems, Computer Science, Engineering, Technical, Education, Information Technology, Computer Engineering, Technology, Forensics
Skills for Incident Handler
Desired skills for incident handler include:
Analysis
Configuration control technologies
Network monitoring
Troubleshooting
TCP/IP communications and how common protocols and applications work at the network level
Procedures
Cyber Kill Chain
Attack vectors
Attacker techniques
Network-based services and client/server applications
Desired experience for incident handler includes:
Bachelor’s degree in Information Security, Computer Science or related technical field
Ability to develop custom threat detection rules
Experience with network security tools
Experience with host-based security tools
Background in information security operations incident response and monitoring services
Bachelors of Science in a related field preferred
Incident Handler Examples
1
Incident Handler Job Description
Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of incident handler. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for incident handler
- Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, logs from various types of security sensors
- Ensure an effective threat response
- Perform threat hunting within the available information sources
- Initiate incident response, dispatch and follow up on remediation actions
- Initiate process improvement actions to increase service performance of our SIEM and SOC
- Handle cyber security incidents in accordance with the incident response process
- Perform remote and onsite live response activities
- Analyze malware and/or other suspicious files/email messages
- Analyze volatile system data
- Collaborate with level one event handlers and to improve prevention and detection methods
Qualifications for incident handler
- MUST meet DoD 8570 IAT Level II requirements (Security+ ce
- Tempo operations in accordance with established policies and best practices
- Volume events in accordance with established policies and best practices
- Have security certifications on your resume (CISSP, GCIH, GCFA, CEH, OSCP)
- Have knowledge and understanding of corporate IT security architecture, including network security
- 2+ years of experience with system administration, network engineering, and security engineering
2
Incident Handler Job Description
Job Description Example
Our company is hiring for an incident handler. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for incident handler
- Collaborate with security engineering teams to ensure proper function of tools used to support the incident response function
- Maintain proper documentation and creation of reports
- Provide on-call support to 24x7 security monitoring
- Contribute to GM cyber security incident response efforts
- Manages a growing team of incident response experts
- Performs actions in response to identified cyber intrusions
- Determines appropriate course of action in response to identified cyber security incidents or anomalous network activity
- Communicates with stakeholders and leaders to ensure incidents are managed appropriately
- Acts as incident command during small scale incidents and cyber response subject matter expert during large scale incidents
- Recommend enterprise protection measures based on incident trends
Qualifications for incident handler
- Ability to facilitate customer requests regarding Cybersecurity threats and best practices
- Ability to monitor shared mailbox and ticket queues, communicate ownership and next steps within the team, and monitor internal social media for questions and reports pertaining to Cybersecurity
- Ability to work with a team to complete the mission while working well under pressure to rapidly scope and investigate incidents, as needed
- Ability to show originality and creativity in problem solving
- Ability to pay strict attention to detail and show a solution orientation
- Possession of excellent analytical, critical thinking, and logic skills
3
Incident Handler Job Description
Job Description Example
Our company is hiring for an incident handler. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for incident handler
- Prepares detailed recommendations for network defense improvements to close or mitigate incidents
- Recruits and mentors incident handler talent
- Documents impactful achievements of the team for leadership
- Be able to deploy nationally to respond to a critical incident within 2 hours of notification when on-call status
- Report, analyze, coordinate, and respond to any event or cyber incident for the purpose of mitigating any adverse operational or technical impact
- Extract meaningful info from technical reports and convert to documentation or summary reports that clearly conveys issues/status to leadership
- Coordinates the development and implementation of courses of action (COAs) that focus on containment, eradication, and recovery
- Ensure the timely response to cyber incidents through appropriate technical and operational channels in a way that promotes an accurate, meaningful, and comprehensive understanding of the cyber incident throughout its life cycle
- Effectively contain events and incidents and isolate systems to minimize any damage or impact to judicial information networks, systems, data, and services
- Ensure the effective coordination and communication of cyber incident information through appropriate channels and with appropriate stakeholders, other AO/DTS/ITSO organizations, and/or other government agencies
Qualifications for incident handler
- Industry Recognized Information Security Certification, including CISSP, Security+, or SANS
- At least four (4) years of work experience in IT security or other related discipline
- High school diploma or GED with five (5)+ years work experience
- Proficient in the use of a laptop computer and related software
- Must have or be eligible to obtain United States passport
- United States citizenship and ability to obtain security clearance required
4
Incident Handler Job Description
Job Description Example
Our innovative and growing company is looking for an incident handler. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for incident handler
- Perform additional analysis of escalations from Incident Triage Analyst and review Level 2 tickets
- Provide an effective and comprehensive response that includes the recovery of any affected systems and the return to a fully functioning, secure, operational state for all services and systems
- Understand patterns of activity and trends to characterize the threat and direct protective and defensive strategies
- Sometimes intelligence and technical information may come from sources unique to the CND environment, including sources outside the AO
- Document all findings and coordinating activities through the Judicial ticket tracking system HEAT
- Collaborate with Threat Monitoring event handlers and to improve prevention and detection methods
- Conducting digital forensics examinations utilizing a variety of tools
- Assessing and reporting on the nature and scope of compromises
- Supporting information security compliance efforts
- Processing security-related help tickets via the Remedy “Request for Service” application
Qualifications for incident handler
- Computer proficiency with MS Office application experience including Word, Excel, Project and PowerPoint
- Familiarity with core concepts of security incident response, , the typical phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs)
- Incident Handler will maintain twenty four (24) hours a day, seven (7) days a week, three hundred sixty five (365) days per year, incident handling capability
- Working with other members of the IT Security team, researches, designs, and advocates new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors
- Research and analyze potential impact of new threats and exploits and communicate risks to relevant business units
- Relevant technical security certifications (GIAC, OSCP, EC-Council, ISC-2 )
5
Incident Handler Job Description
Job Description Example
Our company is looking for an incident handler. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for incident handler
- Analyze volatile system data.Collaborate with level one event handlers and to improve prevention and detection methods
- Lead Incident Handling efforts
- Processing security-related requests via the Remedy Request for Service application
- Be an in-house subject matter expert in the Computer Emergency Response Team (CERT), who diligently handles information security incidents by leading and coordinating investigations with internal and external stakeholders a forensics team
- Create security incident reports and dashboards upon the request of management
- Analyse System, Security and Application alerts raised to CERT to recognise and respond to abnormal activity, threats, and vulnerabilities
- Support the SIEM solution, by improving the visibility of security incidents by defining and optimizing use-cases
- Research emerging technologies to design, develop and implement automated tools to increase incident response efficiency
- Report key performance indicators to management for team activities
- Help to improve the CERT process excellence by maintaining information security documentation
Qualifications for incident handler
- Knowledge of network protocols, enterprise architecture, and common network logging functions
- Hands on experience with security tools, such as, Encase, Splunk, network forensic and capture tools, CarbonBlack, Tanium
- Ability to prioritize assignments and efforts in a complex work environment
- Direct working knowledge of enterprise incident management systems
- Industry certifications such as CEH, CISA, Security + are desirable
- Experience work as part of a SOC or CSIRT team is desirable