Incident Response Lead
Role summary
Incident Response is the preparation for, handling of and follow-up to cyber security incidents, to minimise the damage to an organisation and prevent recurrence.
Role expectations
In this role you will:
- Respond to alerts from monitoring/detection systems within defined SLAs
- Use configured tools and scripts to identify potential cyber security breaches
- Following procedures, analyse, respond to and/or escalate cyber security incidents
- Monitor security appliance health, performing basic troubleshooting of security devices and escalating severe problems to engineers
- Contribute to the development of incident response capabilities, policies and procedures
- Maintain logs of all actions taken
Accreditation
For further information on accreditation in this role see the UK Cyber Security Council’s guide on incident response.
Skills

- Incident management, incident investigation and response: Practitioner
- Information risk assessment and risk management: Practitioner
- Intrusion detection and analysis: Practitioner
- Threat intelligence and threat assessment: Practitioner
- Applied Capability Security: Working
- Protective Security: Awareness
- Threat Understanding: Awareness
Learning Pathway
Core learning
Certificate in Digital Forensics
CREST Practitioner Intrusion Analyst (CPIA)
EC-Council Certified SOC Analyst
CREST Registered Intrusion Analyst (CRIA)
EC-Council Computer Hacking Forensic Investigator
Recommended for Lead level
CREST Certified Host Intrusion Core Analyst (CCHIA)
EC-Council Certified Incident Handler