Incident Response Principal

Role summary

Incident Response is the preparation for, handling of and follow-up to cyber security incidents, to minimise the damage to an organisation and prevent recurrence.

Role expectations

In this role you will:

  • Analyse the source, nature and impact of breaches to support threat intelligence
  • Monitor security appliance health, performing basic troubleshooting of security devices and escalating severe problems to engineers
  • Analyse unexpected network or system events, assess their impact, and devise and implement actions to stop them
  • Manage the sharing of important information quickly and accurately
  • Contribute to incident management policies, and investigation procedures and processes

 

Accreditation

For further information on accreditation in this role see the UK Cyber Security Council’s guide on incident response.

Learning Pathway

Core learning

Certificate in Digital Forensics

CREST Practitioner Intrusion Analyst (CPIA)

EC-Council Certified SOC Analyst

CREST Registered Intrusion Analyst (CRIA)

EC-Council Computer Hacking Forensic Investigator

CREST Certified Host Intrusion Core Analyst (CCHIA)

EC-Council Certified Incident Handler

Recommended for Principal level

CREST Certified Incident Manager (CCIM)
