An Incident Responder (a.k.a. CSIRT Engineer or Intrusion Analyst) is a cyber firefighter, rapidly addressing security incidents and threats within an organization.
In your role as a first responder, you will use a host of forensic tools to find the root cause of a problem, limit the damage and see that it never happens again. Like a firefighter, part of your job will also involve education and prevention.
On the ground level, your job is to keep attacks from occurring and/or prevent them from getting worse. During the course of your day, you may be required to:
- Actively monitor systems and networks for intrusions
- Identify security flaws and vulnerabilities
- Perform security audits, risk analysis, network forensics and penetration testing
- Perform malware analysis and reverse engineering
- Develop a procedural set of responses to security problems
- Establish protocols for communication within an organization and for dealings with law enforcement during security incidents
- Create a program development plan that includes security gap assessments, policies, procedures, playbooks, training and tabletop testing
- Produce detailed incident reports and technical briefs for management, administrators and end-users
- Liaise with other cyber threat analysis entities
Some Incident Responders work as independent consultants; others are employed by large organizations. If you are a member of a Computer Security Incident Response Team (CSIRT), you will typically report to a CSIRT Manager.