Incident Response Consultant Job Description
Incident Response Consultant Duties & Responsibilities
To write an effective incident response consultant job description, begin by listing detailed duties, responsibilities and expectations. We have included incident response consultant job description templates that you can modify and use.
Sample responsibilities for this position include:
Incident Response Consultant Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Incident Response Consultant
List any licenses or certifications required by the position: SANS, ITIL, GCIH, CISSP, CISM, GCFE, GCFA, CEH, GIAC, EC
Education for Incident Response Consultant
Typically a job would require a certain level of education.
Employers hiring for the incident response consultant job most commonly prefer candidates with a relevant degree, such as a Bachelor's or Master's degree in Computer Science, Technical, Forensics, Information Security, Cyber Security, Information Systems, Information Assurance, Intelligence, Computer Engineering, or Computer Forensics
Skills for Incident Response Consultant
Desired skills for incident response consultant include:
Desired experience for incident response consultant includes:
Incident Response Consultant Examples
Incident Response Consultant Job Description
- Maintain, test and mature the Corporate Incident Response Plan
- Determine appropriate responses to escalated tier two infosec incidents
- Perform periodic case reviews of infosec cases for compliance to processes and lessons learned
- Key contributions to infosec incident use case and response plans
- Engage representatives from Legal, IT, HR, Privacy, key business units, and Information Security to fully understand infosec incidents, the severity and the appropriate response plan
- Respond to escalated low level incidents from the tier 2 response team
- Respond to infosec incidents in a timely manner and adhere to documented repeatable processes
- Thinking analytically & paying attention to detail
- Develop collaborative information and knowledge sharing networks and build alliances with colleagues and counterparts internally and externally to the organization around infosec incident response
- Recommend and propose methods, technologies, or processes that could improve the effectiveness of infosec incident response functions including counter measures or mitigating controls
- Knowledge of Application and Database Security, Mail Security and AV systems
- CESG GPG 13
- Ability to deliver technical training in areas such as incident handling, event analysis and correlation, threat management
- Understanding of source code, hex, binary, regular expression
- Solid and demonstrable comprehension of Information Security including malware, emerging threats, attacks, and vulnerability management and experience with reviewing system language log files, data correlation, and analysis
- Experience as part of an incident response team (either in-house or as a consultant)
Incident Response Consultant Job Description
- E-Disclosure
- Work with a team of brilliant people that you can learn from and build lasting relationships
- Develop an understanding of your aspirations and provide opportunities that we believe will get you there
- An environment of trust and camaraderie, where you can speak freely about your ideas
- A platform from which you can make a real impact against the bad guys
- Proactive management of Monitoring and Analytics solution
- Help develop operational metrics to illustrate risk reduction over time
- Single point of contact (SPOC) for technical escalations
- Provide subject matter expertise as required
Qualifications
- On-site, client travel will be required for this position, with the requirement to travel up to 50%
- An ability to provide technical analysis and direction for investigations
- An understanding of networking protocols and infrastructure designs
- An understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security
- An ability to analyse and reverse engineer various file types, including providing dynamic and static analysis of malware artefacts, binaries and other malicious attack files
- Be able to complete post mortem analysis of network logs, traffic flows and other activities to identify malicious activity on a network
- 4 years' experience handling incidents
Incident Response Consultant Job Description
- Develop scripts, tools, or methodologies to enhance the incident investigation process
- Lead and provide guidance to clients for Incident Response containment and remediation activities
- Provide project management and governance for large-scale remediation engagements, consisting of multiple workstreams and resource assignments
- Create and document detailed remediation guides and tracking documents, for clients to leverage to prepare for and execute a coordinated remediation event
- Review and assist clients with implementing hardening controls and group policy enforcement for Active Directory architectures
- Assist clients with implementation of multi-factor authentication and additional technologies for hardening access controls for applications and enterprise environments
- Plan and coordinate for enterprise-scale password resets across multi-domain trust environments
- Document and implement hardening controls for Windows and Unix endpoints
- Build and execute scripts to query and enforce configuration parameters for Active Directory environments
- Effectively communicate remediation strategies and workstreams to client stakeholders including technical staff, executive leadership, and legal counsel
- Preferred experience researching, developing, and analyzing new technologies and methodologies
- Any prior programming experience in a language such as C#.NET or Java (J2EE) would be a plus
- Perform complex incident response technical analysis and develop technical conclusions based on analysis of evidence
- Conduct assessments of client readiness to respond to incidents, including designing and delivering incident response exercises to test client incident response plans
- Design and deliver incident response exercises to test client incident response plans
- Conduct assessments of client readiness to respond to incidents, including designing and delivering incident response exercises to test client incident response capabilities
Incident Response Consultant Job Description
- Running process design workshop with customers
- Creating custom playbooks
- Experience with Python, REST APIs
- React in real time as part of incident response events & breaches, including managing client expectations, detecting incidents, developing corrective action plans, re-assessing risk, providing solutions, & documenting incidents
- Examine systems for points of intrusion & recreate storylines
- Identify and reverse engineer malware
- Consult on strategic initiatives & highly-technical regulatory compliance projects
- Blog about new security finds
- Perform proactive threat hunting and work across teams to cut through the noise to identify unique threats and campaigns
- Automate tracking and discovery of threats leveraging internal and external data sources
- Support complex incident response
- Excellent project management, writing & communication skills
- Fluent in disassembly / debuggers such as IDA Pro, OllyDbg, WinDbg
- Analyze and/or decipher packet captures from network protocol analyzers (Wireshark, tcpdump, etc.)
- Demonstrate an understanding of the behavior, security risks and controls of common network protocols
- Possess understanding of techniques and practices used to encode and encrypt common network traffic and common attacks on these controls
Incident Response Consultant Job Description
- Maintain awareness of the current threat environment and possible impact of newly discovered vulnerabilities and exploits
- Develop, document, and manage a mitigation strategy for identified threats
- Develop and deliver comprehensive and accurate reports and presentations for both technical and executive audiences
- Work with key stakeholders to implement remediation plans in response to incidents
- Host- and network-based forensic investigations
- Effective handling and co-ordination of security incident response activities in order to minimize client impact
- Responsibility for supervising incident response tasks and overall ownership of the Incident Response activities throughout an incident
- Effective co-ordination of resources/establishment of Incident Response Team to manage client impact
- Conduct reviews to identify causes of information security incidents, develop corrective actions and re-assess risks
- Validating, verifying and reporting protective or countermeasure technical solutions
- Ability to utilize NetFlow data to identify the sources of network attacks
- Demonstrate an understanding of the architecture, deployment, benefits and weaknesses of network security proxies, common log formats and flow of data in a wired or wireless network environment
- Proficient in writing a cohesive narrative around packet analysis for a technical and non-technical audience
- Understanding of threat landscape and security intelligence in both the government and commercial space
- Familiarity with threat research, threat modeling, and information security threat assessments
- At least 3 years of high-level hands-on experience with hardware/software tools used in incident response, computer forensics, network security assessments, and/or application security