Cyber Degrees

Become an Incident Responder

What Does an Incident Responder Do?

The Short Version

An Incident Responder (a.k.a. CSIRT Engineer or Intrusion Analyst) is a cyber firefighter, rapidly addressing security incidents and threats within an organization.

In your role as a first responder, you will be using a host of forensics tools to find the root cause of a problem, limit the damage and see that it never happens again. Like a firefighter, part of your job will also involve education and prevention.

Incident Responder Responsibilities

On the ground level, your job is to keep attacks from occurring and/or prevent them from getting worse. During the course of your day, you may be required to:

  • Actively monitor systems and networks for intrusions
  • Identify security flaws and vulnerabilities
  • Perform security audits, risk analysis, network forensics and penetration testing
  • Perform malware analysis and reverse engineering
  • Develop a procedural set of responses to security problems
  • Establish protocols for communication within an organization and dealings with law enforcement during security incidents
  • Create a program development plan that includes security gap assessments, policies, procedures, playbooks, training and tabletop testing
  • Produce detailed incident reports and technical briefs for management, administrators and end-users
  • Liaison with other cyber threat analysis entities

Some Incident Responders work as independent consultants; others are employed by large organizations. If you are a member of a Computer Security Incident Response Team (CSIRT), you will typically report to a CSIRT Manager.

Note: Although the fields of incident response and forensics are gradually merging, we’ve kept Forensics Expert as a separate job description for the time being.

AdvertisementFeatured Schools

School Name Level Program Name More Info
Arizona State University Certificate Online Undergraduate Certificate in Homeland Security program website
Utica College Bachelor Online Bachelor of Science in Cybersecurity (you must have 57 completed college credits, or an associates degree, to apply) program website
Maryville University Bachelor Online Bachelor of Science in Cyber Security program website
Maryville University Bachelor Online Bachelor's in Management Information Systems program website
Arizona State University Bachelor Online Bachelor of Science in Information Technology (Networking & Security specialization) program website
Champlain College Bachelor Online BS in Cybersecurity program website
Champlain College Bachelor Online BS in Computer Forensics & Digital Investigations program website
Utica College Master Online Master of Science in Cybersecurity program website
Maryville University Master Online Master of Science in Cyber Security program website
Syracuse University Master Online Master of Science in Cybersecurity program website
Syracuse University Master Online Master of Science in Computer Science program website
Johns Hopkins University Master Online Master of Science in Cybersecurity program website
Johns Hopkins University Master On-Campus Master of Science in Security Informatics program website
University of California - Berkeley Master Online Master of Information and Cybersecurity program website
Saint Mary's University of Minnesota Master Online Master of Science in Cybersecurity program website
Champlain College Master Online MS in Information Security Operations program website
Champlain College Master Online MS in Digital Forensic Science program website

Incident Responder Career Paths

Just starting out? It’s possible to gain basic experience in security and incident response as a:

Or you could choose to make the leap from Forensics.

After you have a few years under your belt, you might wish to lead your team as a CSIRT Manager or Director of Incident Response.

Similar Jobs

“Incident Responder” is the generic term. Equivalent job titles include:

  • Computer Security Incident Response Team (CSIRT) Engineer
  • Cyber Incident Responder
  • Incident Response Engineer
  • Cyber Security Incident Responder
  • Computer Network Defense (CND) Incident Responder

Some companies may be looking for an Intrusion Detection Specialist, Network Intrusion Analyst or Forensics Intrusion Analyst with the same qualifications.

Incident Responder Salaries

Since this is a niche job, standard salary figures from the BLS and Payscale can be hard to come by. What’s more, Incident Responders often get flex time – they might work two 24-hour shifts to deal with a single incident and then have the rest of the week off.

In our search of Indeed using the keywords “incident response”, the two most popular salary estimates were $50,000-$70,000 and $70,000-$90,000 (2014 figures).

For the keywords “incident response analyst”, these figures climbed to $70,000-$90,000 and $90,000-$110,000 (2014 figures).

As you might expect, Incident Response team leaders get paid more. Their salaries range from $100,000-$150,000.

Incident Responder Job Requirements

Degree Requirements

Most Incident Responders don’t hold a specialized degree. A bachelor’s degree in Computer Science or the equivalent (e.g. Math, Electrical Engineering, Cyber Security, etc.) is nice, but it’s not always necessary.

Interested in better job opportunities and/or CSIRT management? You could consider a master’s degree in Information Assurance or Information Security with a focus on incident response. Some universities even offer an incident response management track.

Work Experience

The norm appears to be 2-3 years of security/incident response experience. Job listings for Senior Incident Responders and Senior Intrusion Analysts usually demand 5+ years of relevant experience.

Hard Skills

Incident Responders are expected to know their systems inside-out. Forensics skills are equally valued. Employers (like Google) will want to see you’re capable of responding to security problems in target-rich environments. Sample skills include:

  • Windows, UNIX and Linux operating systems
  • C, C++, C#, Java, ASM, PHP, PERL
  • TCP/IP-based network communications
  • Computer hardware and software systems
  • Operating system installation, patching and configuration
  • Backup and archiving technologies
  • Web-based application security
  • eDiscovery tools (NUIX, Relativity, Clearwell, etc.)
  • Forensic software applications (e.g. EnCase, FTK, Helix, Cellebrite, XRY, etc.)
  • Enterprise system monitoring tools and SIEMs
  • Cloud computing

Soft Skills

Being a first responder can be a stressful, pressure-packed job. That means employers and hiring agencies are looking for flexible, adaptable and down-to-earth candidates. Panickers and procrastinators need not apply.

Incident Responders act as detectives, so find ways to highlight your problem-solving and analytical skills. Can you write clearly and concisely? Do you know how to speak to a room full of non-technical colleagues and executives? Great oral and communication skills are a huge plus.

Certifications for Incident Responders

Incident Responders are close siblings to Forensics Experts, so you will see many of the same certifications in job descriptions. Certification requirements will vary from job to job, so we always recommend talking to employers and senior-level colleagues for their opinion.

  • CCE: Certified Computer Examiner
  • CEH: Certified Ethical Hacker
  • GCFE: GIAC Certified Forensic Examiner
  • GCFA: GIAC Certified Forensic Analyst
  • GCIH: GIAC Certified Incident Handler
  • GCIA: GIAC Certified Intrusion Analyst
  • CCFE: Certified Computer Forensics Examiner
  • CPT: Certified Penetration Tester
  • CREA: Certified Reverse Engineering Analyst
Note: Take a look at our Guide to Cyber Security Certifications for more information and advice.