Cyber Incident Response Resume Sample
Work Experience
- Lead security incidents according to the Security Incident Response Policy
- Follow-up on potential security events in coordination with firm’s security operations centers
- Liaise with the Firm’s SOC to respond to emerging incidents in a timely manner; triage details and provide support to both the SOC and Business Managers
- Work with either HR and/or the Firm’s Fraud Investigations Teams, providing additional details for escalated cases, as appropriate
- Maintain a solid “currency awareness” of the emerging threats and issues for this activity sector; be aware of developments associated with malware, phishing, external attacks and associated threats to the Firm’s Information Assets
- Evaluate target systems to analyze results of scans, identify resolutions, make recommendations, and continuously monitor requirements
- Provide guidance to first responders for handling information security incidents
- Home office could be arranged (typically 1 day / week)
- Travel requirements 0-5%
- Responsible for all aspects of their team’s performance management activities including goal setting, conducting reviews, check-ins and disciplinary action, as needed
- Proactively manage incidents to minimize customer impact and meet SLAs
- Perform analysis with strict attention to detail and display solution orientation to learn and adapt quickly
- Managing evidence with proper chain of custody procedures
- Forensic imaging of digital media
- Creating and maintaining a virtualized server environment
- Organizing and tracking eDiscovery matters
- Understanding and performing basic forensic investigations
- Recovering data from failing media
- Maintaining and researching new hardware and software for forensic application
- Translate cyber threat intelligence into actionable monitoring strategies through effective threat modeling
- Develop and maintain an Incident Response process that integrates with processes managed by Business Conduct, Privacy, Physical Security, and Public Affairs groups
- Develop and maintain appropriate response playbooks, facilitate routine exercises, and ensure a sound communication process for all cyber events
- Manage incident response events and provide effective communication to management
- Leverage relationships with IT support groups to remediate security vulnerabilities, weak practices, and malware infections
- Leverage machine data to find anomalous network behavior and translate the anomalous behavior into malicious activity
Education
Professional Skills
- Excellent communication skills to effectively present to different business and technical audiences
- Information security experience and prior experience focused on incident response activities
- Organization skills with the ability to multi-task and identify priorities, work with cross-functional global teams, and execute on schedule
- Solid attention to detail
- Strong written and communication skills
- Programming skills - PowerShell, Python and/or SQL
- High energy and self-motivated individual with a keen attention to detail and experience working in a fast-paced environment with changing priorities
- Demonstrated experience utilizing a SIEM in investigating security issues
How to write Cyber Incident Response Resume
A Cyber Incident Response role is responsible for security, events, Java, training, reporting, digital, modeling, travel, programming, and government.
To write a great resume for a cyber incident response job, your resume must include:
- Your contact information
- Work experience
- Education
- Skill listing
Contact Information For Cyber Incident Response Resume
The contact information section is important in your cyber incident response resume. The recruiter has to be able to contact you ASAP if they want to offer you the job. This is why you need to provide your:
- First and last name
- Telephone number
Work Experience in Your Cyber Incident Response Resume
The work experience section is an essential part of your cyber incident response resume. It’s the one thing the recruiter really cares about and pays the most attention to.
This section, however, is not just a list of your previous cyber incident response responsibilities. It's meant to present you as a well-rounded candidate by showcasing your relevant accomplishments and should be tailored specifically to the particular cyber incident response position you're applying to.
The work experience section should be the detailed summary of your latest 3 or 4 positions.
Representative Cyber Incident Response resume experience can include:
- Effectively present complex technical information to varied audiences
- Recent experience working with one of the following: incident response, cyber analytics, or security monitoring /detection technologies
- Present a professional appearance and demeanor during a crisis and in high-stress situations
- Collect and process the evidence needed to conduct highly-confidential investigations for Symantec customers
- Triage and prioritize security events and incidents
- Investigating security incidents through log analysis, interviewing, evidence collection and preservation, and forensics
Education on a Cyber Incident Response Resume
Make sure to make education a priority on your cyber incident response resume. If you’ve been working for a few years and have a few solid positions to show, put your education after your cyber incident response experience. For example, if you have a Ph.D. in Neuroscience and a Master's in the same sphere, just list your Ph.D. Besides the doctorate, Master’s degrees go next, followed by Bachelor’s and finally, Associate’s degree.
Additional details to include:
- School you graduated from
- Major/ minor
- Year of graduation
- Location of school
These are the four additional pieces of information you should mention when listing your education on your resume.
Professional Skills in Cyber Incident Response Resume
When listing skills on your cyber incident response resume, remember always to be honest about your level of ability. Include the Skills section after experience.
Present the most important skills in your resume; here is a list of typical cyber incident response skills:
- Demonstrated written and verbal communication skills necessary to convey complex security events in reports and other formal communication
- Responding to security incidents including gathering digital evidence, analyzing, developing and presenting forensic evidence
- Demonstrated experience of security event monitoring concepts and escalation processes
- Background performing computer security incident response and digital forensics
- Demonstrated understanding and experience with current incident response best practices and standards
- Demonstrated experience handling security events in critical environments
List of Typical Experience For a Cyber Incident Response Resume
Experience For Cyber Incident Response Analyst Resume
- Ingest, triage, prioritize, assign, track, document, and manage incidents and results
- Recent operational security experience (SOC, Incident Response, Malware Analysis, etc.)
- Define the standard patterns and processes required to automate the transformation of streaming data into formats suitable for statistical analysis
- Support the development of staff schedules and staffing forecasts for approval
- Ensure shift members follow the appropriate incident escalation and reporting procedures
- Develop and implement continuous improvements and efficiencies through automation and orchestration
- Define and manage the process to onboard new systems into our security analytics framework
- Inform information security leadership with a data driven approach and drive towards a cyber intelligence-based program
- Develop and maintain a cyber hunt operations function to proactively identify threat actors or other malicious activity
Experience For Cyber Incident Response Team Lead Resume
- Act as single point of contact for the Cyber Threat & Incident Response (CTIR) function
- Provide focus and accountability for cyber threat & incident response activities
- Interface with operational incident management teams and act as advisor for cyber related incidents
- Work closely with other members of the team to provide service continuity and reliability, globally
- Continuously create and refine engagement models to maximize service efficiency
- Build and maintain relationships with stakeholders across the business, business resilience, technology, and risk management domains
- Drive engagement and facilitation efforts across internal security teams, the business and within the industry for table-top and simulation exercises
- Be a primary first responder for incidents for Symantec customers
Experience For Cyber Incident Response Specialist Resume
- Contribute to client reports on relevant findings
- Participate in the improvement and development of methodologies, process/procedure manuals and documentation
- We provide status reports that summarize activities completed, key engagement statistics, issues that require attention, and plans/action items for the next reporting period
- Conduct analysis with strict attention to detail, display a solution orientation to learn and adapt quickly, lead and serve on a team to complete the mission, and work well under pressure to rapidly scope and investigate incidents
- Guide non-subordinate incident responders through precise mitigation processes tactfully
- Experience with incident analysis and response methodologies in investigations, and with the groups behind targeted attacks and their tactics, techniques, and procedures (TTPs)
- DoD 8570 IAT II and CND Duty Role Certifications, including CEH, GCIA, or GCIH
- Perform analysis with strict attention to detail and display a solution orientation to learn and adapt quickly
Experience For Cyber Incident Response Lead Resume
- Guide non-subordinate incident responders tactfully through precise mitigation processes
- Experience with incident analysis and response methodology in investigations, and with the groups behind targeted attacks and their tactics, techniques, and procedures (TTPs)
- Lead and serve on a team to complete the mission, and work under pressure to rapidly scope and investigate incidents
- Escalates high or critical severity level incidents to Incident Investigators
- Consumes threat intelligence and disseminates findings to relevant parties
- Performs triage of service requests from customers and internal teams
- Coordinate and triage response to cybersecurity events and conduct forensic analysis
- Understand the threat landscape through collaboration with the Threat Intelligence team and other stakeholders
- Direct and support incident response activities
Experience For Senior Cyber Incident Response Manager Resume
- Deliver actionable incident metrics to management
- Manage the end-to-end incident response lifecycle
- Perform root cause analysis on information security events to determine scope and impact
- Determine best method for containment and remediation of information security events
- Perform basic to intermediate malware analysis to determine indicators of compromise
- Experience with the following tools: SIEM, Workflow management tools, Vulnerability Scanners, Endpoint Detection & Response tools, Wireshark (or equivalent packet analysis tool), and Log Management tools
- Individual typically has at least 1-3 years of related experience working in Cyber Operations
Experience For Cyber Incident Response Senior Analyst Resume
- Independently plan, organize and devise approaches necessary to respond to incidents and obtain useful forensic information, taking into consideration the requirements of agency regulations, federal and state laws, and company policies as they apply
- Utilize experience and knowledge of a variety of technologies to conduct analysis of evidence to determine their validity and whether the information has forensic significance
- Conduct malware analysis to determine capabilities and develop indicators of compromise
- Support cyber security projects and initiatives as subject matter expert
- Research and conduct proof of concepts for new cyber security tools and capabilities
- Prepare formal written reports suitable for legal matters
- Provide forensic expertise within legal proceedings as required
- Manages information security incidents from triage through resolution
Experience For Cyber Incident Response Engineer Resume
- Manage multiple investigations concurrently
- Leads a cross-functional team of experts to resolve the incident investigation
- Provides findings to relevant business leadership to help improve information security posture
- Follow through on all phases of the incident response and identify attacks, determine initial vectors, and complete scope of incidents
- Provides support promptly and efficiently through front-line telephone and email communications
- Provide technical support in response to computer security incidents
- Correlate, map, and fuse any and all incident information for the development and distribution of cyber alerts and notices, or other products as required
Experience For Manager Cyber Incident Response Resume
- Coordinate, communicate, share information, and work closely with DHS components
- Information security experience in one or more of the following areas: IT security, incident handling and response, exploit analysis, network intelligence gathering, vulnerability management, digital forensics methods and procedures
- Experience with at least two of the following tools: EnCase Forensic, EnCase Enterprise, AccessData FTK, HBGary, Volatility, SANS SIFT, Bit9, Internet Evidence Finder
- Understands the incident response cycle and work processes
- Proficiency with forensic techniques and the most commonly used forensic toolsets, professional and open source
- Investigate network intrusions and other cyber security incidents to determine the cause and extent of compromise. Includes ability to perform host-based and network-based analysis across all major operating systems and network device platforms
- Assist in development and implementation of courses of action (COAs) that focus on containment, eradication, and recovery. Ensure the acquisition and preservation of data required for tactical analysis, strategic analysis, and/or LE investigations
Experience For Cyber Risk Cyber Incident Response Senior Consultant Resume
- Knowledge of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits, along with a technical understanding of current cyber threats and trends
- Knowledge and experience with several commonly used IT security layers, components, and technologies, such as, but not limited to, web content filtering, intrusion detection and prevention, data loss prevention, and Security Information and Event Management systems
- Experience with or managing an enterprise level SIEM platform
- Demonstrated understanding of network threats, attack vectors, and methods of exploitation, intrusion tactics, techniques, and procedures
- Incident Response / Information Security-related education, training, and/or experience
- Experience in IT
Experience For Cyber Incident Response Analyst, Mid Resume
- Exhibit a good work ethic and a true desire to bring a creative approach to our team
- Experience working with commercial and/or open-source threat intelligence feeds
- Experience with APT threat hunting
- Experience analyzing system and application logs to investigate security and operational issues
- Strong knowledge of current enterprise detection and monitoring technologies and processes
- Five years' experience in an information security role with a public/private sector security organization or government agency (law enforcement, intelligence, etc.)
- Experience in intrusion detection and firewall technologies
- Overall IT Infrastructure experience preferably within Information Security, Cyber, IT Audit or System Forensics
- Experience with Splunk, OSSEC and McAfee security products
List of Typical Skills For a Cyber Incident Response Resume
Skills For Cyber Incident Response Analyst Resume
- Prioritizing and classifying incidents
- Validating and maintaining incident response plan and processes to address potential threats
- Good understanding of data networking and computer hardware / operating systems
- Demonstrate an understanding of adversary techniques, log aggregation and correlation, and basic scripting (Python/PowerShell)
- Strong working knowledge of scripting languages (such as Perl and Python) and the use of regular expressions
- Validate and maintain incident response plan and processes to address the evolving threat landscape
- Create and maintain strong relationships with key partners in the incident response ecosystem and ensure efficient alignment during the investigation process
- Strong understanding of TCP/IP protocols and a variety of IT systems, applications, and their operational configurations
- Experience having worked in a Project Manager/Coordinator role or internship is preferable
Skills For Cyber Incident Response Team Lead Resume
- Government security clearances highly desired
- Experience in working with global systems integrators and partner ecosystems
- Previous experience working in a Fortune 500 Security Operations Center or Incident Response Team
- Experience using the EnCase forensics tool
- It is important to have 3-5 years’ work experience in a SOC or related field such as malware analysis, digital forensics, or reverse engineering
- Experience with data analytics, machine learning, and anomaly detection methods and techniques
Skills For Cyber Incident Response Specialist Resume
- Participate in special forensic projects as required, including collection, preservation of electronic evidence
- Strong working knowledge of Windows client/server, Unix/Linux systems, Mac OSX and VMware
- Strong working knowledge of cloud solutions and security (e.g., Infrastructure as a Service, Software as a Service)
- Experience managing cases with enterprise SIEM systems
- Experience supporting incident investigations
- Experience working in a 24/7 SOC environment
- Experience with basic forensics tools, open source forensic tools and web history tools
- Very strong sense of ethics/values – ability to handle confidential investigations with discretion
Skills For Cyber Incident Response Lead Resume
- Multi-task and prioritize workload with minimal supervision
- Understanding of regular expressions and at least one common scripting language (Perl, Python, PowerShell, etc.)
- Responding to computer security incidents according to the cyber security incident response plan
- Providing guidance to first responders for handling information security incidents
- Compiling and analyzing data for management reporting and metrics
- Tuning of existing detection rules or logic to improve true positive ratios
Skills For Senior Cyber Incident Response Manager Resume
- Performing data analytics to identify and confirm cyber security threats
- Understanding chain of custody requirements
- Coordinating security incident response efforts among multiple organizations
- Understanding of OSI model and ability to apply to troubleshooting issues
- Coding/Scripting in any major language (.NET, Java, Python, Ruby, PowerShell)
Skills For Cyber Incident Response Senior Analyst Resume
- Working knowledge of common attack vectors and penetration techniques
- Assist with developing and maintaining Standard Operating Procedures
- Real passion for researching new rules, formulating new ways to defend against adversary behavior and improving processes
- Deep understanding of TCP/UDP, networking ports and protocols
- Assist clients in identifying and remediating gaps as identified throughout the investigation
- Stay current with new and evolving technologies via formal training and self-education
Skills For Cyber Incident Response Engineer Resume
- Knowledge of systems administration, network engineering, and security engineering
- Be a participating member in cross training and continuous improvement activity across the Cyber teams
- One or more qualified certifications including: GCIA, GCIH, GCFA
- Find, analyze, interpret, and extract attack related payload from packet captures and host forensic images using tools
- Conduct network forensic investigations including packet analysis
- Conduct incident and investigations post-mortem briefings, analysis, and reporting
- Administer security tools, keeping them current, tuned, and optimized
Skills For Manager Cyber Incident Response Resume
- Collaboration across all IT departments (Security Engineering, Network Operations, Access Management, Legal, etc.)
- Working within the Information Security field
- Originality and creativity in problem solving
- Basic understanding of forensics and intrusion detection
- Involvement in creating a virtualized environment
- High level understanding of Apple hardware / software
- One or more of the following certifications: CISSP, SANS GCFA, GCIH, GREM
- Proficient in Scripting (Python, PowerShell)
Skills For Cyber Risk Cyber Incident Response Senior Consultant Resume
- Perform incident response using vulnerability assessment tools
- Develop and enhance cyber incident response processes and procedures leveraging relationships with front line operations teams and available tools and systems
- Expert level knowledge of Security Information and Event Management (SIEM), log management, and/or threat monitoring systems
- Maintain and enhance a framework for measuring risks associated with lack of visibility into system access and activity
- Provide leadership and guidance to the team of analysts on the security monitoring and response team
- Be creative within the context of a "forward thinking" security team - expect to be challenged and have your opinion heard
Skills For Cyber Incident Response Analyst, Mid Resume
- CND Duty Role Certifications, including CEH, GCIA, or GCIH or obtain within 30 days of hire
- Leadership around the development and updating of team procedures, and the configuration of tools for the Cyber Analysts' consumption
- Escalates cyber security events according to Merck’s playbook and standard operation procedures (SOPs)
- Performs additional analysis of escalations from Monitoring Analysts and conducts case review
- Conducts hunting activities based on internal and external threat intelligence
- Develop and update standard operating procedures and playbooks to align response activities with best practices
- Build an understanding of key S&P technology, systems, and business practices
- Perform host based analysis using endpoint detection and response tools to identify suspicious processes or other activities
List of Typical Responsibilities For a Cyber Incident Response Resume
Responsibilities For Cyber Incident Response Analyst Resume
- Relevant areas of experience include, but are not limited to: firewalls, VPNs, intrusion prevention/detection (IDS), File Integrity Monitoring (FIM), perimeter security, secure content including Network Access Control (NAC), Data Loss Prevention (DLP), and Security Information and Event Management (SIEM)
- Be a strong listener to support all levels of the organization
- Experience with ArcSight SIEM
- Experience with McAfee, Juniper or Fortinet IDP platforms
- Experience with “Endpoint Detection & Response” solutions
- Comfortable working in a fast-paced, exciting environment
Responsibilities For Cyber Incident Response Team Lead Resume
- Research tools, techniques, and process improvements for current and emerging threats and attack vectors
- Write scripts/code using Python, Bash, PowerShell, Java
- BA/BS in Engineering, Computer Science, or Information Security
- Familiarity with threat hunting techniques
- As part of a global team, this role requires travel approximately 2-3 times per year
- Provide off-hours support on an infrequent, but as needed basis
Responsibilities For Cyber Incident Response Specialist Resume
- Be a detail-oriented self-starter and quick learner
- EnCE, CISSP, CISA, CCSA, CCSE, MCSE and/or other industry relevant certification
- Experience working with or knowledge of Encase, SANS SIFT workstation, Internet Evidence Finder, Volatility, Mandiant Redline, Splunk, and FTK (Forensic ToolKit)
- We find it helpful for members of our team to have advanced degrees relevant to technology and computer science
- Familiarity with Cyber Kill Chain methodology and techniques to disrupt it
- Analyze large data sets and unstructured data (logs, NetFlow, packet capture) for the purpose of identifying trends and anomalies indicative of malicious activity
- Correlate firewall, DNS, anti-malware, NTP, HIPS, IDS/IPS events
- Security certification(s) (CISSP, CISA, CISM, CEH, GSEC)
Responsibilities For Cyber Incident Response Lead Resume
- Capability to provide memory forensics
- Be a detail-oriented self-starter and a quick learner
- Work in an "on call" status as necessary
- Communicate to a technical and non-technical audience
- Windows and Linux administration tools and concepts
- Professional security certification, such as Security+, GCIH, CISSP, CEH, etc
Responsibilities For Senior Cyber Incident Response Manager Resume
- Provide clients guidance and advice regarding cyber incidents, forensics, and incident response
- Document findings and create well written reports
- Use an advanced level of understanding of their cyber specialization, as well as a general understanding of several cyber-related disciplines, to investigate and analyze all response activities related to cyber incidents
- The tasks include, but are not limited to: creating and maintaining incident tracking information; planning, coordinating and directing recovery activities; and incident analysis tasks, including examining all available information and supporting evidence or artifacts related to an incident or event
- Integrate analysis of cyber security features as it relates to existing systems as well as future needs and trends
- Apply advanced forensic tools and techniques for attack reconstruction
Responsibilities For Cyber Incident Response Senior Analyst Resume
- Work other GCCoE mission related tasks as needed
- Respond to security incidents across a wide array of technologies. Mitigate and contain the impact of security events, coordinate remediation efforts, and summarize and make recommendations to senior management for improvements
- Authors incident response reports and lessons learned, including root cause analysis
- Advanced knowledge of network security concepts, best practices and procedures
- Knowledge of collaborative research tools (e.g., CRITs) and data exchange formats (e.g., TAXII, STIX)
- Checkpoint, Juniper or Netscreen Firewalls
- Familiarity with basic firewall and vulnerability scanner architecture, operations and configuration
Responsibilities For Cyber Incident Response Engineer Resume
- Team leadership
- Security certifications (e.g. Security+, Network+, CEH, SANS etc.)
- SANS GSEC certified/qualified
- Certification or education: BSc or equivalent in cryptography, data mining, computer science, communication technology, computer security and/or related certification like GCIA, GCIH, GREM, CEH, CISSP
- Hunt for threats and malware that alarms miss, develop indicators and tripwires to improve detection and prevention capabilities
- Collect, process, and analyze data and information to create threat intelligence. Provide rapid assessments of potentially imminent security situations, sensitive developments and complex threat issues. Assess unforeseen threat developments and recommend changes in security direction and approach
- Java, Microsoft .NET