An incident response analyst (also called an incident responder, intrusion analyst, or CSIRT engineer) is responsible for monitoring for, detecting, analyzing, and reporting threats directed against an organization's networks and systems. Some incident response analysts work independently as consultants; others work as members of an organization's Computer Security Incident Response Team (CSIRT) under the supervision of a CSIRT manager.
Incident response analysts form part of an organization's cyber defense: they work to reduce the likelihood of successful attacks and, when an incident does occur, to quickly establish its scope and root cause so that any compromise of information or infrastructure can be contained and remediated. This is accomplished through a combination of methods and tools, including security audits, penetration testing, log and event analysis, digital forensics, and continuous monitoring of inbound and outbound network traffic.
Incident response analysts follow procedures and checklists defined in an organization's pre-approved Cyber Security Incident Response Plan (CSIRP). It is not uncommon for an organization to generate millions of security-relevant events every day, the vast majority of which are benign. Analysts triage these events, categorize them by type and severity, escalate those that warrant investigation, and report on them as outlined by the CSIRP.
Incident response analysts are expected to be proficient in the hard skills of the role, such as knowing their systems, networks, and forensic tools inside and out. The job also demands great attention to detail and the ability to remain calm under intense pressure while handling a live incident.
An incident response analyst's job duties may include:
performing continuous security monitoring of systems and networks
performing malware analysis and penetration testing
identifying and reporting security vulnerabilities on systems and networks
performing research, risk analysis, and security audits
deterring, identifying, and investigating computer and network intrusions
establishing communication protocols and procedures during security incidents
providing technical and incident response support to other teams
producing detailed incident reports for management
researching emerging threats and threat actors
developing protection strategies