Incident Response Analyst Job Description
Incident Response Analyst Duties & Responsibilities
To write an effective incident response analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included incident response analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Incident Response Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Incident Response Analyst
List any licenses or certifications required by the position: ITIL, GSEC, SEC401, CCNA, GCIH, CEH, GCIA, GNFA, CISSP, CISA
Education for Incident Response Analyst
Typically a job would require a certain level of education.
Employers hiring for the incident response analyst job most commonly prefer candidates with a relevant degree, such as a Bachelor's or Associate degree in Computer Science, Education, Engineering, Technical, Information Security, Information Technology, Information Systems, Cyber Security, Technology, or Forensics
Skills for Incident Response Analyst
Desired skills for incident response analyst include:
Desired experience for incident response analyst includes:
Incident Response Analyst Examples
Incident Response Analyst Job Description
- Acts as Incident Commander for high impact cyber breaches and advanced attack methods, using the Cyber Kill Chain methodology and the TMC playbook based on NIST methods and procedures
- Detailed analyses of various security event sources (FW, IDS, PROXY, AD)
- Acts as the interface with other IT and business departments regarding IT security incidents
- Follow documented workflows and procedures during information security incident response and remediation
- Stay abreast of the latest information security controls, practices, techniques and capabilities in the marketplace
- Monitor intrusion detection systems and create/monitor IDS signatures
- Provides project support for tasks to integrate security platforms and ongoing tuning support for existing technology
- Apply technical acumen and analytical capabilities to improve efficiency and effectiveness of response
- Develop and enhance capabilities of digital and computer forensics
- Knowledge sharing of threat intelligence/management during weekly meetings
- Interface with different departments to increase security awareness for the business
- Conduct root cause analysis to identify gaps and, ultimately, recommendations
- Experience with forensic analysis, using EnCase or FTK
- Experience with performing static and dynamic analyses of suspect malware
- Knowledge of Microsoft Windows, including registry, logs, and common forensic artifacts
- Knowledge of TCP/IP and networking fundamentals, network architecture, and security infrastructure best practices
- Ability to document technical analyses and generate reports
- Ability to obtain a security clearance
- BS degree
- 1-2 years of hands on incident response
- 1-2 years of virtual threat tracking
- 1-2 years of exploit / hack tool research and/or development
- Incident and Forensic Security certifications
Incident Response Analyst Job Description
- Support the planning, coordination, and execution of crisis management exercises and/or actual events
- Engage in functional integration discussion/coordination between technical and non-technical groups that may have involvement in Incident Response activities
- Develop and update operational playbooks (DDoS, ransomware)
- Triage and lead escalated security events and incidents
- Responsible for the technical execution of incident handling functions directly responding to severe network incidents
- Manage and integrate threat intelligence received from a variety of sources into the security monitoring framework
- Responsible for identification, analysis, and correlation of events of interest, escalation and continued monitoring of cybersecurity events on an enterprise-wide basis
- Understanding of common network services (TCP/IP, web, mail, FTP, DNS), vulnerabilities, and attack patterns is a must
- Review, triage, escalate, and respond to security events and incidents while managing global security incidents and providing support to global security teams
- Analyze various log, network, malware, forensic, and open source information to validate security threats, recommend appropriate countermeasures, and assess impact of incidents
- Bilingual speaking and writing skills (Japanese, Chinese, Spanish)
- Degree in Computer Science, Engineering or equivalent with a minimum of 6 years working experience in Information Security
- In-depth knowledge of network and host security technologies
- Bachelor's degree (in a field such as mathematics, telecommunications, electrical engineering, computer engineering, or computer science) or equivalent five to seven years' experience with information security
- Bachelor’s degree in and 5 years of experience in incident response or IT risk management or an equivalent combination of education and work experience
- In-depth knowledge of incident response concepts and practices and the ability to identify, apply, and implement best practices
Incident Response Analyst Job Description
- Analysing malware and system forensics to determine level of impact
- Coordinating incident response activities (escalations, notifications, conference calls, etc.)
- Promoting awareness of security and technology through training and coaching
- Analysis (static and dynamic) of malicious code in support of day to day operations and incident response
- Develop metrics and reports in support of Cyber Threat Center leadership and daily operations
- Work with internal and external subject matter experts (info sharing/investigations) to aid in collective knowledge and understanding of a problem set or actor group
- Competently describe, develop and refine use-case scenarios for new and existing analytical tools as part of daily operational duties
- Enrich team value by sharing knowledge
- Responsible for executing processes across all activities of the security incident response lifecycle
- Perform analysis of system communications for investigations, potential litigation, and HR related matters
- Certification in business continuity or disaster recovery
- Expert understanding of intrusion detection systems
- Relevant technical security certifications (GIAC, EC-Council, ISC-2)
- Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests
- Proven experience performing analysis of security events and incidents, to determine root cause and provide resolution
- Bachelor's degree in Computer Science, Mathematics, Engineering, or other related area of study preferred
Incident Response Analyst Job Description
- Investigate potential identity theft and/or intrusions to/from client facing systems and resources
- Produce monthly and quarterly incident reports
- Document actions taken for audit, regulatory and legal purposes within approved incident tracking system
- Collaborate with business unit technical teams for issue resolution and mitigation control implementation
- Additional responsibilities will include performing documentation review and improvement, attending meetings as needed
- Incident Response Process – Owns the critical process steps – detection, validation, containment, remediation, and communication – for computer-based security events and incidents such as malware infections, potential compromise, Distributed Denial of Service (DDoS)
- CITSIRT Team Member – Respond to critical security incidents and lead escalation teams to close with response, containment and remediation
- Security Operations Playbooks – Create, maintain and promote a set of security operation playbooks with Agilent’s IT teams to effectively trigger and execute the security incident response process
- Logging and Monitoring Across Infrastructure & Applications – Manages the current state of logging and monitoring through Splunk and Syslog, maintains a vision of the ideal state of logging and monitoring, and drives a prioritized roadmap to reduce the gaps
- Internal / External Engagements – Act as Information Security & Risk consultant to various IT and business driven projects and operations
- Bachelor's Degree in Business, Management Information Systems, or a related field
- Associate’s Degree or equivalent from two-year College or technical school in Information Technology, Information Security/Assurance, Engineering or related field of study
- Experience with scripting languages such as Perl, Python and PowerShell required
- This position requires on-call work in a 24/7/365 environment
- Advanced knowledge of information systems security concepts and technologies
- At least 2 years relevant working experience preferred
Incident Response Analyst Job Description
- Conduct host based forensics and analysis to determine root cause and impact
- Continuously monitor changes to computing infrastructure
- Analyze a large volume of security event data from a variety of sources with the goal of identifying suspicious and malicious activity
- Identify, track and report network intrusions using multiple cyber technologies
- Triage and analysis of real-time data feeds (such as system logs and alerts) for potential intrusions
- Create documentation regarding the identification, analysis and remediation of security threats and incidents
- Perform follow-up analysis throughout the incident lifecycle, and complete projects and tasks associated with security monitoring, detection, and incident response
- Authoring and implementation of original detection rules for various monitoring systems on the basis of current threats and vulnerabilities
- Build and maintain custom security detection logic to analyze and correlate information to produce meaningful and actionable results
- Participation in on-call rotation to provide 24x7 incident response coverage
- Fresh Graduates with relevant degree will be considered
- Needs to be proficient in scripting languages such as Perl, Python, Bash, and Go
- Excellent technical presentation skills, both written and verbal, with the ability to communicate the impact and importance of detailed technical information to a non-technical audience
- Experience leading complex and varied investigations and managing several incident analysts
- Experience managing a team of analysts and investigators
- Operating System internals and security (Essential to have Windows experience, other operating systems are desirable)
- Host forensics / intrusion analysis