Overview
Reacts to cybersecurity breaches and attacks, working to contain the threat, eradicate malicious actors, recover affected systems, and perform post-incident analysis to prevent recurrence.
Responsibilities
- Respond to active security breaches and cyberattacks
- contain threats
- eradicate malware
- recover systems
- perform post-incident analysis
- develop incident response playbooks
- coordinate response efforts
Required Skills
- Incident response methodologies (NIST SP 800-61)
- forensics tools (EnCase, FTK)
- malware analysis basics
- log analysis (SIEM)
- network traffic analysis (Wireshark)
- OS internals (Windows, Linux)
- scripting
- calm under pressure
Salary Expectations
$75,000 - $130,000+ USD
Relevant Certifications
Common Career Pathway
Often evolves from Security Analyst (SOC Analyst) roles. Can also come from system administration or forensics backgrounds.
Learning Roadmap
Security+ -> CySA+ -> Deep dive into OS internals & networking -> Learn forensics basics -> Master incident response frameworks -> Practice with IR scenarios/labs -> Obtain GCIH/GCFA.