
Cybersecurity Incident Response Specialist

Cybersecurity Job Description: Incident Response Specialist

An Incident Response Specialist responds to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. The specialist uses mitigation, preparedness, response, and recovery approaches as needed to maximize physical security, preservation of property, and information security, and investigates and analyzes all relevant response activities.

Below is a sampling of the abilities, tasks, and responsibilities for the Cybersecurity Incident Response specialty:

  • Design incident response for cloud service models.
  • Apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
  • Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
  • Collect and organize incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • Perform cyber defense incident triage (assessment and damage control), including determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation.
  • Perform cyber defense trend analysis and reporting.
  • Perform an initial, forensically sound collection of images and inspect them to identify possible mitigation/remediation for enterprise systems.
  • Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
  • Receive and analyze network alerts from various sources within the network, and determine possible causes.
  • Track and document cyber defense incidents from initial detection through final resolution.
  • Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).
  • Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
  • Serve as a technical expert and liaison to law enforcement personnel and explain incident details as required.
  • Coordinate with intelligence analysts to correlate threat assessment data.
  • Write and publish after-action reviews.
  • Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat conditions and determine which security issues may have an impact on the enterprise.
  • Coordinate incident response functions.

Incident Response Specialist Job Requirements

As a rule, the certifications, education, and training requirements for entry-level employment are more flexible than those for mid-level and leadership-level employment.

Recommended Certifications: Certifications addressing new attack vectors (with emphasis on cloud computing technology, mobile platforms, and tablet computers), new vulnerabilities, existing threats to operating environments, advanced IDS concepts, and application protocols.

Recommended Education: A minimum of an AS degree in the following areas is helpful but not always required: Computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering.

Recommended Training: System administrator, basic cyber analysis and operations.

To learn more about becoming a Cyber Warrior, check out the College Recon Guide to Cybersecurity Careers.

About the author

Terry Howell is a retired Coast Guard veteran, where he served for 20 years.

He is currently the Executive Director for Veterans' Legacies, a non-profit that works to preserve veterans' personal stories to help educate our youth.

Terry is also the author of The Military Advantage, an annually updated guide to military and veteran benefits.