Cyber Defense Incident Responder
Degree Required: Degree Not Required
Job Growth: +20%
Median Salary Range: +$80,000
Soft Skills:
- Capable of Handling Stress
- Flexible
- Problem-Solving
- Analytical
- Good Communication
Common Job Duties:
- System or network administration with a focus on security operations
- Investigate, analyze, and respond to cyber incidents within the network environment or enclave
- Receive and analyze network reports/alerts from various sources within the enterprise and determine possible causes of such alerts
- Deep system and event log analysis of computers, anti-virus events, firewall connections, local network administration services (SMB, DNS, FTP, SSH), vulnerability scan results, identity access, authentication and authorization technology, email and web access and services (HTTP, POP3), intrusion detection/prevention systems, and security information and event management (SIEM)
- Intrusion artifact collection and discovery (source code, malware)
- Digital forensics and malware analysis
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
- Provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents
- Serve as technical expert and liaison to law enforcement and executive personnel, explaining incident details as required
- Coordinate incident response functions
- Write and publish cyber defense techniques, guidance, incident findings, and after-action reviews to constituents
- Perform cyber defense trend analysis and reporting
- Collaborate with colleagues to evaluate security mechanisms and processes that enhance response capabilities
Cyber Defense Incident Responder Tracks
- Intern
- Junior
- Mid
- Senior
Track: Intern
Target Employee: Student
Employee Type: Current student (High School, College, Technical School)
Requirements: School coursework, hands-on tinkering
Job Titles: Intern
Job Responsibilities:
- Learning about tech
- Shadowing
- Assigned a project/have a deliverable
Certifications: CompTIA or Microsoft Technical Assessments
Track: Junior
Target Employee: 0 - 2 Years
Employee Type:
- College Graduate
- Career Transition
- Internal Mobility
Requirements: Associate's, Bachelor's or other (technical / security certifications)
Job Titles: Analyst, Associate, Jr.
Job Responsibilities:
- Train on security tools
- Investigate, analyze, and respond to cyber incidents
- Communication and escalation of issues
- Ensure SOPs, Work Instructions, Knowledge Articles are in place & updated
Certifications:
- CompTIA
- Mile2
- EC-Council
- Vendor certificates
Track: Mid
Target Employee: 2 - 8 Years
Employee Type:
- Promotion
- Career Transition
- Internal / External Mobility
Requirements: Associate's, Bachelor's; technical OR security certifications; previous experience in technical roles
Job Titles: Analyst
Job Responsibilities:
- Intrusion artifact collection and discovery
- Digital forensics and malware analysis
- Ensure tools are functional and up to date
- Coordinate incident response functions
- Perform cyber defense trend analysis and reporting
- Write and publish cyber findings and guidance
Certifications:
- CompTIA
- Mile2
- EC-Council
- SANS
- Vendor certificates
Track: Senior
Target Employee: 8+ Years
Employee Type:
- Promotion
- Career Transition
- Internal / External Mobility
Requirements: Bachelor's, Master's, Ph.D.; technical AND security certifications; previous experience in cybersecurity roles
Job Titles: Sr. Analyst, Advisor, Architect
Job Responsibilities:
- Act as technical lead for incident handling
- Technical expert and liaison to law enforcement and executive personnel
- Responsible for overall tool design and architecture
- Ensure tools are meeting compliance requirements
- Involved in vendor discussions and proof of concepts to expand services
- Identify automation or transformation opportunities