An Incident Response Specialist responds to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, response, and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.
Below is a sampling of the abilities, tasks and responsibilities for the Cybersecurity Incident Response specialty:
Design incident response for cloud service models.
Apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
Collect and organize incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
Perform cyber defense incident triage (assessment and damage control), to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.
Perform cyber defense trend analysis and reporting.
Perform initial, forensically sound collection of images and inspect them to discern possible mitigation/remediation on enterprise systems.
Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
Receive and analyze network alerts from various sources within the network and determine possible causes of such alerts.
Track and document cyber defense incidents from initial detection through final resolution.
Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
Serve as technical expert and liaison to law enforcement personnel and explain incident details as required.
Coordinate with intelligence analysts to correlate threat assessment data.
Write and publish after action reviews.
Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
As a rule, the certification, education, and training recommendations for entry-level employment are more flexible than those for mid-level and leadership-level employment.
Recommended Certifications: Certifications addressing new attack vectors (emphasis on cloud computing technology, mobile platforms, and tablet computers), new vulnerabilities, existing threats to operating environments, advanced IDS concepts, and application protocols.
Recommended Education: A minimum of an AS degree in one of the following areas is helpful, but not always a requirement: computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering.
Recommended Training: System administrator, basic cyber analysis and operations.
Be sure to visit the NICCS website to learn more about getting the proper certifications and training needed to be successful in the Cybersecurity Career Field.