Last Updated: March 30, 2020
There are many different jobs in the incident response field, including cyber incident responder, computer network defense incident responder, and incident response engineer. Other related positions include forensics intrusion analyst, intrusion detection specialist, and network intrusion analyst.
Regardless of specific job title, most incident responders use forensic tools to address cybersecurity incidents. When not working on an incident, these professionals may lead threat prevention and education work with company employees. The Bureau of Labor Statistics (BLS) does not provide specific salary and job growth data for incident responders, but computer and information technology (IT) professionals made a median annual salary of $86,320 in May 2018.
What Does an Incident Responder Do?
Incident responders seek to protect and improve organizational security by preventing, averting, and mitigating security threats. Prevention duties include system monitoring, assessment, testing, and analysis designed to identify and correct potential security breaches. Incident responders often create security plans, policies, protocols, and training that prepare organizations to respond efficiently and effectively to incidents.
These professionals often work under pressure to assess and respond to threats through intrusion detection, security auditing, and risk analysis. Addressing security threats can involve the use of network forensics, reverse engineering, and penetration testing skills. Incident responders also create reports for management and law enforcement.
Companies hire incident responders to protect finances and reputation from losses due to cybercrime. Incident responders may work as consultants or as employees of large companies with computer security incident response teams (CSIRTs). Many incident responder positions require 2-3 years of prior experience in information security or forensics. System, network, or security administrator positions can provide relevant experience for this career.
Steps to Become an Incident Responder
Bachelor's or master's degrees in computer forensics, cybersecurity, or a related field often provide ideal educational preparation for incident responder careers. For those seeking a career transition, earning a master's in information security or incident response management can position you well for eventually getting upper-level roles such as senior incident responder, senior intrusion analyst, or CSIRT manager.
Many professionals in this skills-based field gain their cybersecurity education simply by earning relevant professional certifications such as certified incident handler, certified intrusion analyst, or certified forensic analyst. Regardless of degree requirements, most incident responder jobs require some of these certifications. Keep in mind that certification requirements vary depending on position, employer, and industry.
Most incident responder jobs require at least 2-3 years of prior relevant work experience in fields like computer forensics, cybersecurity, or network administration. Online courses, bootcamps, and training can bolster your resume. Earning a CSIRT can help qualify you for CSIRT teams, where you can learn from CSIRT managers and other cybersecurity professionals.
Top Required Skills for an Incident Responder
Incident responders need considerable applied knowledge and skills working with many kinds of systems. A comprehensive understanding of operating systems, hardware and software systems, and network systems is essential. Related hard skills include proficiency with system monitoring tools, forensics software, and e-discovery tools. Incident responders also must understand programming languages to do the work often needed to address cybersecurity threats.
Soft skills such as versatility, persistence, and grounding prove useful for this often stressful and unpredictable job. Incident responders also need advanced analysis and problem-solving skills to quickly identify causes and solutions for cyber breaches. Communication skills benefit incident responders as they compose, present, and explain incident reports to executives and law enforcement.
Cybersecurity degree programs cultivate skills through coursework in operating systems and information systems security, cybercrime forensics, and object-oriented programming. Aspiring incident responders interested in leadership positions benefit from courses on cybersecurity operations management, cybersecurity law and policy, and global trends. Other relevant courses include cyberwarfare and ethical hacking.
Incident Responder Salary
BLS data on computer and information technology careers lists a 2018 median annual wage of $86,320 and projects 12% job growth between 2018 and 2028. Job growth data for information security analysts projects a 32% increase in positions during the same time frame, suggesting a particularly promising job market for IT professionals specializing in cybersecurity. Information security analysts also made an average of $98,350 annually in 2018.
Keyword searches of Indeed.com in 2019 indicate salaries as high as $115,000+ for incident response analysts, while PayScale puts the average annual salary for incident managers at $80,247. PayScale data identifies New York, Seattle, and Atlanta as the top-paying cities and Cisco, Bank of America, and Covestic as top-paying employers for incident managers. Top-paying industries include finance and banking, business and consulting, and information technology.