Forensic and Incident Response Officer

SPECIFIC RESPONSIBILITIES:

Incident Response Management: Leads and coordinates the organization's incident response

efforts. Establishes and maintains an incident response plan that outlines the processes, roles,

and responsibilities for responding to cybersecurity incidents. Ensures incidents are promptly

identified, assessed, and appropriately escalated.

ncident Triage and Investigation: Conducts initial triage of cybersecurity incidents to

determine the severity, impact, and nature of the incident. Initiates and leads investigations

into incidents, gathering evidence, and analyzing data to understand the root cause and extent

of the incident.

Forensic Analysis: Performs forensic analysis of digital evidence to support incident

investigations. Utilizes forensic tools and techniques to collect, preserve, and analyze data

from affected systems, networks, and devices. Extracts relevant artifacts, such as logs, memory

images, and file systems, to uncover the attacker's activities and identify potential

vulnerabilities.

Evidence Collection and Preservation: Ensures the proper collection, preservation, and

documentation of evidence related to cybersecurity incidents. Adheres to forensic best

practices and legal requirements to maintain the integrity and admissibility of digital evidence.

Prepares detailed reports and documentation of the forensic findings.

Incident Containment and Eradication: Works with technical teams to develop and execute

strategies for containing and eradicating cybersecurity incidents. Provides guidance on

technical remediation activities, such as system patching, malware removal, or network

reconfiguration, to mitigate the impact of the incident and prevent further compromise.

Collaboration and Communication: Collaborates with cross-functional teams, including IT,

security operations, legal, HR, and senior management, to ensure effective incident response.

Communicates with stakeholders, such as executive management, affected departments, and

external partners, regarding incident updates, mitigation strategies, and lessons learned.

Incident Reporting and Documentation: Prepares comprehensive incident reports that

document the details of the incident, the response activities undertaken, and the lessons

learned. Provides recommendations for improving incident response processes, enhancing

security controls, and preventing future incidents.

Training and Awareness: Develops and delivers incident response training programs to educate

employees on their roles and responsibilities during cybersecurity incidents. Raises awareness

about common incident types, reporting procedures, and incident response best practices

across the organization.