Incident Response Coordinator

We are seeking a highly skilled and motivated Incident Response Coordinator to join our Security Operations team. This role involves planning, coordinating, and managing responses to security incidents, ensuring accurate execution of processes and timely completion of documentation and communications.

The ideal candidate for the Incident Response Coordinator role is an experienced professional with the soft skills that enable effective performance in high-stakes environments. They are an active listener with strong analytical and problem-solving abilities to quickly assess and address complex incidents, and the ability to confidently communicate clear, concise updates to diverse stakeholders, including leadership and external partners. Additionally, they exhibit adaptability, attention to detail, and a commitment to ethical practices, fostering team trust and enhancing overall organizational resilience.

Personnel performing this role may unofficially or alternatively be called:

• Incident Handler
• Incident Responder
• Incident Response Analyst
• Incident Response Engineer
• Intrusion Analyst
• Computer Network Defense Incident Responder
• Computer Security Incident Response Team Engineer

Essential Functions:

• Coordinate the investigation, containment, recovery, and remediation of cybersecurity incidents, collaborating with IT, legal, communications, and third parties as needed
• Serve as the primary contact during incidents, providing status updates and coordinating activities with leadership, internal teams, and external partners
• Monitor and analyze network traffic, security logs, and alerts to identify, triage, and respond to suspicious activity and potential incidents
• Document after action incident details, actions taken, timelines, and lessons learned in line with organizational standards

Core Duties:

• Conduct periodic incident response exercises, deliver training, and raise awareness among staff on emerging threats and protocols
• Collect intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise
• Continuously review and improve the incident response plan, procedures, and playbooks based on post-incident reviews and lessons learned
• Perform initial triage and analysis of security incidents to assess scope, urgency, and impact.
• Guide cross-functional teams to contain threats, eradicate vulnerabilities, and restore normal operations
• Coordinate with the Corporate Leadership, Security Operations Center (SOC), and external parties as required
• Lead after-action reviews, publish findings, and recommend mitigation measures to strengthen future defenses
• Stay current with evolving threats, vulnerabilities, and best practices through threat intelligence monitoring and external sources

Core Knowledge

• Knowledge of business continuity and disaster recovery continuity of operations plans.
• Skill in preserving evidence integrity according to standard operating procedures or international standards.
• Knowledge of cyber defense and information security policies, procedures, and regulations.
• Knowledge of incident categories, incident responses, and timelines for responses.
• Knowledge of incident response and handling methodologies
• Skill in performing impact assessments
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
• Skill in using security event correlation tools
• Knowledge of OSI model and underlying network protocols (e.g., TCP/IP)
• Knowledge of cloud service models and how those models can limit incident response.
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services
• Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
• Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
• Knowledge of malware analysis concepts and methodologies
• Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities
• Skill in recognizing and categorizing types of vulnerabilities and associated attacks

Qualifications:

Basic Qualifications:

• Strong knowledge of incident response processes, attack vectors, threat tactics, and detection methods
• Experience with DNS Security, SIEM and SOAR systems, endpoint detection tools, forensic software, and security monitoring solutions
• Excellent analytical, problem-solving, and communication skills, with the ability to perform under pressure
• Familiarity with regulatory requirements, security frameworks, and incident response standards (e.g., NIST, ISO 27001)
• Proactive mindset focused on continuous improvement, training, and cross-departmental collaboration
• Bachelors degree in computer science, Information Technology, Cybersecurity, or a related field or equivalent work experience of 5 years or more
• Minimum of 2 years of experience in cybersecurity incident response or a related role

Preferred Qualifications:

• Professional certifications such as CISSP, ECIH, GCFE, GCIH
• Experience with digital forensics and malware analysis
• Knowledge of network protocols and security architecture
• Familiarity with malware types and attack methods
• Experience with scripting and automation tools

Core Competencies

Business Continuity

Computer Forensics

Computer Network Defense

Incident Management

Information Systems/Network Security

Infrastructure Design

System Administration

Threat Analysis

Vulnerability Assessment