Incident Responder Jobs
What is an incident responder?
An incident responder is part of a cyber security first-response team, which mobilised as soon as a breach is detected to try and deter hackers or mitigate damage done by a cyber attack.
You will employ cyber forensics to track and identify any network issues then act to tackle the intrusion, breach or threat to the organisation as quickly and effectively as possible.
What does an incident responder do?
As a first-response role, you will be expected to act against threats as soon as they are detected. This could mean working unsociable hours if your employer requires constant intrusion monitoring.
This role will involve a combination of forensics, vulnerability and penetration testing, and maintenance of all IT security systems. You may also need to run regular security audits to support the cyber security team when required.
Some common job responsibilities include:
Response to potential threats
You will be the initial response to any attacks or breaches, meaning you will need to have a deep understanding of the company’s defence structures and the best ways to tackle any threat which presents itself.
You will contribute to the organisation’s disaster planning, devising strategies to be followed in the event of a major breach or incident such as a Denial of Service attack.
Your day-to-day activities may also involve running regular assessments of the company’s security, producing reports on any issues identified and making recommendations for changes to be made to improve overall security.
What salary can I expect?
The average salary of an incident responder in the UK according to Payscale is £31,000, with the lower 25% making £20,000.
In the US,Payscale reports the average salary as $69,000, or $44,000 at the lower 10% of the spectrum.
What qualifications will I need to be an incident responder?
In terms of further education, most employers will expect a degree related to cyber security, such as mathematics, computer science or computer engineering.
However, incident responders may only need relevant work experience in a related field to be considered for the role.
Some professional qualifications to consider include:
GIAC Certified Intrusion Analyst (GCIA)
Certified Ethical Hacker (CEH)
GIAC Certified Forensic Examiner (GCFE)
GIAC offer a number of related courses which might help those looking to start work as incident responders.
How do I become an incident responder?
Intrusion analysts will typically need to have a number of years’ experience in the cyber security industry before applying for this job and often start in roles such as security or systems administrator.
Since the role is highly technical and draws in elements of ethical hacking and computer forensics, experience with forensic tools and a strong coding knowledge will be essential for applicants considering this role.