Perform cybersecurity incident detection, response, remediation, or mitigation
Analyze security incidents, preserve digital evidence, identify root causes, and create mitigation or remediation plansReference familiarity with NIST, ISO 27001, and CIS Critical Security ControlsCollect and analyze intrusion artifacts (e.g., malware, source code, trojans) to support mitigation effortsCoordinate and provide technical support to enterprise-wide cyber defense teams during incidentsManage, lead, or coordinate incident response functions across the organizationMonitor external threat intelligence feeds (CERTs, vendor advisories, security publications) to identify relevant threatsPerform forensically sound image collection and review to support investigations and remediationReceive, evaluate, and analyze alerts from various systems to determine potential causes or impactsEnsure compliance with federal incident reporting requirements and produce afteraction reportsLead and oversee the full incident response lifecycle: detection, containment, eradication, recovery, and lessons learnedServe as the primary escalation point for major or highseverity incidentsConduct tabletop exercises, drills, and readiness assessmentsStrengthen organizational resilience by identifying gaps and improving IR processesOversee tools and technologies supporting detection, analysis, and response activitiesDocument incidents, timelines, decisions, findings, and process improvementsTrack remediation efforts to completion and validate fix effectivenessReview threat intelligence to stay aware of new techniques, vulnerabilities, and attack trendsCoordinate crossfunctional collaboration during incidents and postincident recoveryPrepare detailed postincident and afteraction reports for leadership and compliance teams
