Developing

What this level means

Early-career professional; developing skills, handles routine tasks with some independence

Scope

Defined deliverables / small features

Autonomy

General supervision; reviewed at milestones

Complexity

Some non-routine problems; applies established patterns

Impact

Own and immediate-team deliverables

Decision rights

Routine technical choices within guidance

Leadership

May guide interns

Typical experience

1–3 yrs

What you'd do

• Perform deeper forensic analysis on a compromised host
• Coordinate with IT team to isolate a section of the network
• Refine incident reports
• Develop incident response strategies
• Participate in post-incident reviews
• Train junior team members on incident response
• Maintain incident response tools
• Communicate with stakeholders during incidents
• Perform forensic analysis
• Coordinate network isolation
• Refine and report incidents

Skills, knowledge & tools

• Forensic analysis
• Network isolation
• Report refinement
• Incident strategy development
• Post-incident review
• Tool maintenance
• Stakeholder communication
• Training and mentoring
• Forensic analysis techniques
• Network security
• Incident reporting standards
• Incident response strategies
• Post-incident processes
• Tool maintenance and usage
• Stakeholder communication
• Training methodologies
• Analytical thinking
• Effective communication
• Time management
• Problem Solving
• Technical proficiency
• Team leadership
• Adaptability
• Strategic Thinking

What good looks like

• 2+ years of experience in incident response or a closely related security field
• GIAC Certified Incident Handler (GCIH) preferred
• Proficiency in forensic analysis tools

What it pays

Market-pay benchmarks for this family × level are being recalibrated across all survey sources and will return shortly.

O*NET / SOC: 15-0000 — Computer & Mathematical Occupations (inferred)

Related families