GovInfoSecurity.com - Information Security News, Regulations, & Education


Career Opportunities in Incident Response

What it Takes to Make it in One of Security's Emerging Fields
August 26, 2009 - Upasana Gupta, Contributing Editor

(Page 3 of 3)

To be successful, practitioners recommend the following skill sets.

  • An in-depth technical background: Professionals transitioning into this field need to have a thorough knowledge of networks and systems, including operating systems, desktops, servers and network communications. Certain specialties, like understanding web and data applications and how they work, help big time, says Poor. Usually a bachelor's or associate degree in IT, computer science or information assurance is preferred.

  • Ability to communicate: This is crucial, as professionals need to be able to communicate to their clients or business units: What is the issue or problem? What has been the impact? What does that translate to in business cost? What are the possible options? When can these options be exercised? "I primarily look for people who can effectively communicate in plain English and understand the importance of being conversant in such issues," says Allor.

  • Supporting the business: Getting the business units involved in discussing incident handling and response issues is fundamental to seeing how best to secure the systems and the business. "We as practitioners need to provide value, which can be done by understanding how business perceives the underlying risks and how jointly we can solve issues," maintains Allor.

  • Ability to remain composed: "Ability to remain calm under fire is typically what I look for while hiring candidates," says Poor. "As practitioners we are under the gun the majority of our work life and need to be able to work effectively under this constant pressure."

  • Work experience: All experts say that certifications such as the CISSP or the GIAC Incident Handler certificate from SANS are a secondary preference compared to the level of work experience they look for in hiring an incident handler. All require prior work experience handling incidents and crisis situations. "What we really look for in candidates is the technical ability to perform," adds Poor, including participation in security associations, conferences and forums.

  • Ability to network: "When I have an issue, I reach out to my peers in companies like Cisco, Juniper, HP to ensure a good fix can be applied quickly to the problem," says Allor. Incident handlers need to establish a network outside their organization to get help when required.

Professionals already involved with security and network monitoring systems who want to escalate and do more have a good entry point into incident handling and response. The salary range for incident response professionals is typically between $70,000 and $140,000 annually.

Where are the Jobs?

Incident response jobs are readily available with government agencies, including the Defense Department, the Department of Homeland Security, the National Security Agency (NSA) and the U.S. Treasury. Government contracting companies such as General Dynamics, Booz Allen Hamilton, Northrop Grumman and Lockheed Martin increasingly hire individuals with this expertise.

Within banking and financial services, consulting and advisory firms such as KPMG, Deloitte, PricewaterhouseCoopers and others have a constant demand for incident handlers and responders. Usually large community banks, credit unions and national and international banks hire these professionals to act as first responders and investigators to incidents and attacks.

Incident response can involve a disruptive and erratic work schedule as well as high work pressure. Job seekers need to be prepared, very committed and passionate to take this up as a career, Poor mentions.

"We are like medical practitioners in our field," he says, "where we are on call 24/7 and are paged to handle a crisis situation."

