Incident Responder

Incident responders often create security plans, policies, and training that prepare organizations to respond efficiently and effectively to cyber threats. These professionals often work under pressure to assess and respond to threats through intrusion detection, security auditing, and risk analysis.

The job description of an Incident Responder can include the following:

  • Perform real-time cyber defense incident handling tasks (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation).
  • Conduct security triage to identify and analyze cyber incidents and threats.
  • Actively monitor networks and systems for cyber incidents and threats.
  • Conduct risk analysis and security reviews of system logs to identify possible cyber threats.
  • Conduct analysis and review using, and/or apply, network scanners, vulnerability assessment tools, network protocols, internet security protocols, intrusion detection systems, firewalls, content checkers, and endpoint software.
  • Collect and analyze data to identify cyber security flaws and vulnerabilities and make recommendations that enable prompt remediation.
  • Develop and prepare cyber defense incident analysis and reporting.
  • Define and maintain tool sets and procedures.
  • Develop, implement, and evaluate prevention and incident response plans and activities, and adapt them to contain, mitigate, or eradicate the effects of a cyber security incident.
  • Provide incident analysis support on response plans and activities.
  • Conduct research and development on cyber security incidents and mitigations.
  • Create a program development plan that includes security gap assessments, policies, procedures, playbooks, and training manuals.

Selection Criteria:

  • Diploma in an IT field with specialization in IT/cyber security, network security, or a similar area, or equivalent training and experience.
  • Cybersecurity operations training.
  • Industry-level certification in related fields such as security operations; network security; threat detection and mitigation; security appliance operations.