Cyber Incidents Response Specialist1

Job Purpose

The job holder is responsible for performing cyber incident response activities with minimal supervision, including investigating, analyzing, and responding to cybersecurity incidents.

Specific Operational

1. Correlate incident data to identify vulnerabilities.
2. Analyze log files from multiple sources to identify possible threats to network security.
3. Triage incidents to identify specific vulnerabilities, determine scope, urgency, and potential impact, and make recommendations for expeditious remediation.
4. Analyze and report on cyber defense trends.
5. Perform initial collection of images to relevant forensic standards; inspect to evaluate possible mitigation and remediation measures.
6. Support deployable incident response teams in tasks including forensic collection, intrusion correlation, tracking, threat analysis, and system remediation.
7. Analyze network alerts from multiple sources to determine possible causes.
8. Track and document cyber incidents from initial detection to final resolution.
9. Write and publish cyber defense techniques, guidance, and post-incident reports to appropriate audiences.
10. Apply defense-in-depth principles and practices in line with CHI policies.
11. Collect intrusion artifacts and use discovered data to mitigate potential cybersecurity incidents within CHI.
12. Write and publish reviews to share lessons learned from cybersecurity events.
13. Monitor external data sources to stay updated on current cybersecurity threats and assess their potential impact on CHI.
14. Coordinate incident response functions in a timely manner.
15. Provide expert technical support to resolve cyber defense incidents.
16. Support law enforcement as a technical expert, explaining incident details and forensic analysis as required.
17. Coordinate with internal cyber stakeholders to correlate threat assessment data.
18. Report cyber incidents to inform cyber defense strategies.
19. Identify and select the most effective sources of information to assist with incident investigation.

Education, Certifications

• Bachelor's Degree in Information Systems, Computer Science, Cybersecurity, or a related field.
• Preferably hold certifications such as EC-Council's Certified Incident Handler (E|CIH), GIAC Certified Incident Handler (GCIH), CompTIA Security+, CySA+, IHRP, CSIH, CIHE, CFR, SSCP, CEH, CISSP, CCSP, GSEC, or other equivalent certifications.
• English language proficiency: Basic level.

Experience

• At least 3 years of relevant experience.
• Experience with security assessment tools such as NMAP, Nessus, Metasploit, Netcat, etc.
• Experience in the government sector or regulatory bodies is preferred.