How do I Become a Incident Responder?
Incident Responder Job Overview
A Computer Security Incident Response Team (CSIRT) Engineer or Incident Responder is the person or team of people who are responsible for the rapid detection, mitigation, and removal of any form of computer security breach. In most cases this will look like a slowing down of a breach, analyzing its source/ cause and then stopping the breach.
Incident responders in other fields include SWAT teams, and firefighters. For the purposes of this article we will only discuss incident responders as they pertain to cybersecurity. The career we’re covering has many names including CSIRT Engineer, Computer Network Defense (CND) Incident Responder, Cyber Incident Responder, and others.
Incident Responder Job Duties
- Vigilantly watch for cyber intrusion
- Diagnose cybersecurity flaws
- Identify and assess security vulnerabilities
- Execute systematic, measurable, and technical security audits
- Analyze and mitigate risk
- Perform penetration tests
- Look for trouble
- Dissect and Catalogue for Malware Incidents
- Perform Reverse Engineering tasks using dex2jar, Apktool, diStorm3, edb-debugger, and others
- Determine systems/networks compromised by cyber attacks
- Oversee computer incident response and its function (manager)
- Document results of cyber threat analysis
- Provide training to other member of the incident response team (managerial)
The Incident Response Team
A large part of the job of an incident responder manager is communication with the Computer Security Incident Response Team CSIRT including the following individuals:
- Security Analysts
- Threat Researchers
- Incident Response Analysts
- Management
- Human Resources
- Public Relations
- Audit and Risk Management Specialists
- Attorneys
Incident Responder Career Pathway
Based on your starting point (whether you’re already a incident responder, incident responder manager, a incident responder analyst, or a student) there are a few paths to entering the field of incident response. We’ve listed some different levels at which you can engage in incident response below. These levels will depend on the typical number of years of experience associated with career stages (entry, middle, senior) as well as how specialized your education is. For an in-depth look at how job experience in cyber security and education levels compare and contrast, check out our guide on how to prepare for a career in cyber security.
A note on the positions below: Some job titles are tiered within that position- a position labeled “mid-level” for example, may have a range between mid to advanced.
- Entry level:Security Administrator, Digital Forensics Technician
- Mid-Level Level:Digital Forensic Technician, Network Administrator, Incident Response Manager
- Senior Level: System Administrator, Incident Response Analyst
There are many facets to the job of Incident Responders. Some individuals may wish to enter into the field through law enforcement. Others may enter the profession through IT. While other may choose to enter the field of through similarly-related fields and departments.
Incident Responder Technical Skills
- Strong Understanding of Operating Systems like Linux/Unix, OSX, and Windows
- Programming and Scripting
- OSI
- TCP/IP
- DNS
- HTTP
- SMTP
- Cloud computing
- EnCase
- Cellebrite
- Develop Custom Malware Detection Tools
- Web and System Security Remediation Techniques like OWASP, top-10 etc.
- Understand concept and perimeter security of network firewalls (design, packet filtering, proxy systems, DMZ etc.)
Incident Responder Soft Skills
- Ability to think on one’s feet and respond rapidly in a pressing situation
- Oral and Written Communication
- Ability to discuss cybersecurity with colleagues
- Team Leadership
- Collaboration
- Presentation
- Interpersonal
- Initiate, Follow-up, and Follow Through
- Time Management
Incident Responder Job Outlook and Salary Information
There are thousands of job openings for incident response analysts online, though salary will differ according to hours worked, degree level and role on the team. Incident Response Analysts will make a higher salary than those who work simply in incident response in shifts as will those who manage a team. Individuals who work in shifts may be required to work for a lengthy period of time and then are able to take a number of days off, this will impact the salary of the position. Incident Response positions are projected to grow by 18% by 2024, which is a much faster rate than most fields. The median salary of incident response analysts is $71,834, though can range from $62,000 – $140,000+
Incident Responder Resources
- Check out the International Society of Forensic Computer Examiners to learn how to get certified as a CCE.
- For information how to utilize the G.I Bill Head to the U.S. Department of Veteran Affairs
- Head here to download the Handbook for Computer Security Incident Response Teams (CSIRTs)
- For in-depth information of incident response head to Carnegie Mellon’s organization on Computer Emergency Readiness Team (CERT)