Incident Response Analyst Job Description
Incident response analyst
provides leadership to the Cyber Security Incident Response Team in the identification and implementation of the Information Security and Incident Response strategies.
Incident Response Analyst Duties & Responsibilities
To write an effective incident response analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included incident response analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Monitor and respond to security events and incidents using established processes, creating process and procedures where none are already established
Enforces security policies and procedures by administering and monitoring security profiles
Monitoring of security events in the SIEM, other security feeds and then take appropriate action based on the company security policy
Supports internal investigations by performing e-discovery, forensics, and other investigative techniques
Detailed analyses of various security event sources (FW, IDS, PROXY, AD )
Create and execute a cyber-war gaming exercise incorporating multiple business line scenarios
Ability to identify compromised computers using logs, packet capture, and related computer centric evidence sources
Develop advanced capabilities necessary to monitor and detect indicators of compromise using security scripts, tools and services
Serve in a leadership role facilitating the incident response process while ensuring the appropriate urgency and discretion is applied to the incident
Communicate upwards according to incident response guidelines
Incident Response Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Incident Response Analyst
List any licenses or certifications required by the position: ITIL, GSEC, SEC401, CCNA, GCIH, CEH, GCIA, GNFA, CISSP, CISA
Education for Incident Response Analyst
Typically a job would require a certain level of education.
Employers hiring for the incident response analyst job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Associate Degree in Computer Science, Education, Engineering, Technical, Information Security, Information Technology, Information Systems, Cyber Security, Technology, Forensics
Skills for Incident Response Analyst
Desired skills for incident response analyst include:
Firewalls
SIEM
IDS
Proxies
HTTP
Incident Response Frameworks and Handling Procedures
Techniques
Procedures
HIDS/NIDS
Cyber risks and threats related to Cyber attackers
Desired experience for incident response analyst includes:
Have extensive experience with all phases of incident response
Demonstrate how to exploit vulnerabilities for the purpose of internal research and assisting with remediation efforts
Manage and delegate activities necessary to bring issues to a timely close
Must have a working knowledge of CoBit, ITIL or other industry accepted frameworks
Conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, Assist in identifying and remediating gaps as identified throughout the investigation
1-2 years of malware analysis
Incident Response Analyst Examples
1
Incident Response Analyst Job Description
Job Description Example
Our growing company is searching for experienced candidates for the position of incident response analyst. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for incident response analyst
- Acts as Incident Commander for high impact cyber breaches and advanced attack methods through using the Cyber Kill Chain methodology the TMC playbook based on NIST methods and procedures
- Detailed analyses of various security event sources (FW, IDS, PROXY, AD ) Acts as the interface with other IT and business departments regarding IT security incidents
- Follow documented workflows and procedures during information security incident response and remediation
- Stay abreast of the latest information security controls, practices, techniques and capabilities in the marketplace
- Monitor intrusion detection systems and create/monitor IDS signatures
- Provides project support related tasks to integrate security platforms ongoing tuning support for existing technology
- Apply technical acumen and analytical capabilities to improve efficiency and effectiveness of response
- Develop and enhance capabilities of digital and computer forensics
- Knowledge sharing of threat intelligence/ management during weekly meetings
- Interface with different departments to increase security awareness for the business
Qualifications for incident response analyst
- Conduct root cause analysis to identify gaps and recommendations ultimately
- Experience with forensic analysis, using EnCase or FTK-Experience with performing static and dynamic analyses of suspect malware-Knowledge of Microsoft Windows, including registry, logs, and common forensic artifacts-Knowledge of TCP/IP and networking fundamentals, network architecture, and security infrastructure's best practices-Ability to document technical analyses and generate reports-Ability to obtain a security clearance-BS degree
- 1-2 years of hands on incident response
- 1-2 years of virtual threat tracking
- 1-2 years of exploit / hack tool research and/or development
- Incident and Forensic Security certifications
2
Incident Response Analyst Job Description
Job Description Example
Our company is looking to fill the role of incident response analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for incident response analyst
- Support the planning, coordination, and execution of crisis management exercises and/or actual events
- Engage in functional integration discussion/coordination between technical and non-technical groups that may have involvement in Incident Response activities
- Develop and Update operational playbook DDOS, ransomware
- Triage and lead escalated Security events and incident
- Responsible for the technical execution of incident handling functions directly responding to severe network incidents
- Manage and integrate threat intelligence received from a variety of sources into the security monitoring framework
- Responsible for identification, analysis, and correlation of events of interest, escalation and continued monitoring of cybersecurity events on an enterprise-wide basis
- Understanding of common network services (TCP/IP web, mail, FTP, DNS ), vulnerabilities, and attack patterns is a must
- Review, triage, escalate, and respond to security events and incidents while Managing global security incidents and provides support to global security teams
- Analyze various log, network, malware, forensic, and open source information to validate security threats, recommend appropriate countermeasures, and assess impact of incidents
Qualifications for incident response analyst
- Bilingual speaking and writing skills (Japanese, Chinese, Spanish)
- Degree in Computer Science, Engineering or equivalent with a minimum of 6 years working experience in Information Security
- In-depth knowledge of network and host security technologies
- Bachelor's degree (in field mathematics, telecommunications, electrical engineering, computer engineering, computer science) or equivalent five to seven year’s experience with information security
- Bachelor’s degree in and 5 years of experience in incident response or IT risk management or an equivalent combination of education and work experience
- In-depth knowledge in incident r concepts and practices and the ability to identify, apply, and implement best practices
3
Incident Response Analyst Job Description
Job Description Example
Our growing company is looking to fill the role of incident response analyst. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for incident response analyst
- Analysing malware and system forensics to determine level of impact
- Coordinating of incident response activities (escalations, notifications, conferences calls, etc)
- Promoting awareness of security and technology through training and coaching
- Analysis (static and dynamic) of malicious code in support of day to day operations and incident response
- Develop metrics and reports in support of Cyber Threat Center leadership and daily operations
- Work with internal and external subject matter experts (info sharing/investigations) to aide in collective knowledge and understanding a problem-set or actor group
- Competently describe, develop and refine use-case scenarios for new and existing analytical tools as part of daily operational duties
- Enrich team value by sharing knowledge
- Responsible for executing processes within all activities within the security Incident response lifecycle
- Perform analysis of system communications for investigations, potential litigation, and HR related matters
Qualifications for incident response analyst
- Certification in business continuity or disaster recovery
- Expert understanding of intrusion detection systems
- Relevant technical security certifications (GIAC, EC-Council, ISC-2 )
- Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests
- Proven experience performing analysis of security events and incidents, to determine root cause and provide resolution
- Bachelor Degree in Computer Science, Mathematics, Engineering, or other related area of study preferred
4
Incident Response Analyst Job Description
Job Description Example
Our company is looking for an incident response analyst. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for incident response analyst
- Investigate potential identity theft and/or intrusions to/from client facing systems and resources
- Produce monthly and quarterly incident reports
- Document actions taken for audit, regulatory and legal purposes within approved incident tracking system
- Collaborate with business unit technical teams for issue resolution and mitigation control implementation
- Additional responsibilities will include performing documentation review and improvement, attending meetings as needed
- Incident Response Process – Owns the critical process steps – detection, validation, containment, remediation, and communication – for computer-based security events and incidents such as malware infections, potential compromise, Distributed Denial of Service (DDoS)
- CITSIRT Team Member – Respond to critical security incidents and lead escalation teams to close with response, containment and remediation
- Security Operations Playbooks – Create, maintain and promote a set of security operation playbooks with Agilent’s IT teams to effectively trigger and execute the security incident response process
- Logging and Monitoring Across infrastructure & Applications – Manages the current state of logging and monitoring through Splunk and Syslog, maintains a vision of ideal state of logging and monitoring, and drives a prioritized roadmap to reduce the gaps
- Internal / External Engagements – Act as Information Security & Risk consultant to various IT and business driven projects and operations
Qualifications for incident response analyst
- Bachelor's Degree in Business, Management Information Systems, or a related field
- Associate’s Degree or equivalent from two-year College or technical school in Information Technology, Information Security/Assurance, Engineering or related field of study
- Experience with scripting languages such as Perl, Python and PowerShell required
- This position requires on-call work in a 24/7/365 environment
- Advanced knowledge of information systems security concepts and technologies
- At least 2 years relevant working experience preferred
5
Incident Response Analyst Job Description
Job Description Example
Our company is growing rapidly and is looking for an incident response analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for incident response analyst
- Conduct host based forensics and analysis to determine root cause and impact
- Continuously monitor changes to computing infrastructure
- Analyze a large volume of security event data from a variety of sources with the goal of identifying suspicious and malicious activity
- Identify, track and report network intrusions using multiple cyber technologies
- Triage and analysis of real-time data feeds (such as system logs and alerts) for potential intrusions
- Create documentation regarding the identification, analysis and remediation of security threats and incidents
- Perform follow-up analysis throughout the incident lifecycle, and complete projects and tasks associated with security monitoring, detection, and incident response
- Authoring and implementation of original detection rules for various monitoring systems on the basis of current threats and vulnerabilities
- Build and maintain custom security detection logic to analyze and correlate information to produce meaningful and actionable results
- Participation in on-call rotation to provide 24x7 incident response coverage
Qualifications for incident response analyst
- Fresh Graduates with relevant degree will be considered
- Needs to be proficient in scripting languages such as perl, python, bash, go
- Excellent technical presentation skills, both written and verbal, with the ability to communicate the impact and importance of detailed technical information to a non-technical audience
- Experience leading complex and varied investigations and managing several incident analysts• Experience managing a team of analysts and investigators
- Operating System internals and security (Essential to have Windows experience, other operating systems are desirable)
- Host forensics / intrusion analysis