Cybersecurity Operational Technology Incident Responder

PROTECT & DEFEND

Job Description

Other Titles Include:

  • Cybersecurity incident responder
  • Security Operations Centre - Incident handler
  • Cybersecurity first responder
  • Operational technology security incident responder

Note: This role is most commonly found in large or medium-sized organizations.

Reporting relationship

To be completed by the user of this job description as appropriate.

Job purpose / summary

Provides immediate and detailed response activities to mitigate or limit unauthorized cyber security threats and incidents within an organization. This includes planning and developing courses of action; prioritizing activities; and supporting recovery operations and post-incident analysis.

Duties and responsibilities

  • Perform real-time cyber defense incident handling tasks (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation)
  • Conduct security triage to identify and analyze cyber incidents and threats
  • Actively monitor networks and systems for cyber incidents and threats
  • Conduct risk analysis and security reviews of system logs to identify possible cyber threats
  • Conduct analysis and review, and/or apply network scanners, vulnerability assessment tools, network protocols, internet security protocols, intrusion detection systems, firewalls, content checkers and endpoint software
  • Collect and analyze data to identify cyber security flaws and vulnerabilities and make recommendations that enable prompt remediation
  • Develop and prepare cyber defence incident analysis and reporting
  • Define and maintain tool sets and procedures
  • Develop, implement, and evaluate prevention and incident response plans and activities, and adapt them to contain, mitigate or eradicate the effects of a cyber security incident
  • Provide incident analysis support on response plans and activities
  • Conduct research and development on cyber security incidents and mitigations
  • Create a program development plan that includes security gap assessments, policies, procedures, playbooks, and training manuals
  • Review, develop and deliver relevant training material

Tools and Technology

  • Incident management processes and procedures
  • Defensive systems including firewalls, anti-virus software and systems, intrusion detection and protection systems, scanners and alarms
  • Security event and incident management systems and/or incident reporting systems and networks

Competencies

The following KSAs are applied at a basic level:

  • Network security administration and management
  • Network security architecture
  • Hardware and firmware security
  • Software defined security and application security
  • Virtualization and VPN security
  • Virtualization
  • Cloud-based security
  • Wireless/mobile device security
  • IT security zoning
  • Encryption and cryptography including key management concepts and principles
  • Vulnerability scanning and analysis
  • Vulnerability management tools, processes and procedures
  • Web application security
  • Configuration and operational build books
  • System acquisitions and projects
  • Legal and ethical responsibilities associated with cyber security operations including conduct of investigations, privacy, and preservation of evidence
  • Writing and briefing on technical matters (e.g. incident reports, technical reports, etc.) for managerial level understanding
  • Business continuity and disaster response basics

The following KSAs are applied at an advanced level:

  • Network security appliance concepts, operation and configuration (equipment specific based on role - network, server and desktop cyber defence systems and/or appliances)
  • Types of intrusions and indicators of compromise (IoCs)
  • Sources of threat information
  • Common threat actor tactics, techniques, and procedures (TTPs)
  • Incident management processes, responsibilities and authorities
  • Intrusion detection and prevention methodologies, tools and systems
  • Intrusion analysis and mitigation techniques
  • Basic malware analysis
  • Cyber security investigations and evidence preservation

For Operational Technology Incident Responder

In addition to the relevant KSAs above, the following are applied at the basic level:

  • OT systems software and hardware, programmable logic controllers, and digital and analog relaying
  • Threat and risk assessment to internet connected OT (including implications and assessment of IoT devices)
  • Legal and compliance requirements including organizational responsibilities for workplace and public safety related to OT/production
  • Telemetry systems, data communications, data acquisition and process control
  • Operating systems, networking, and communications systems concepts
  • Electrical distribution networks, power system equipment, transformer station operation and electrical theory
  • Database management systems and applications
  • Measures or indicators of OT system performance, availability, capacity, or configuration problems
  • Analysis tools and network protocols
  • Diagnostic tools and fault identification techniques

Direct reports (if appropriate)

To be completed by the user of this job description as appropriate.

Qualifications

Education. College diploma in an IT field with specialization in IT/cyber security, network security or similar, or equivalent training and experience.

Cybersecurity operations training with industry-level certification in related field (e.g. security operations, network security, threat detection and mitigation, security appliance operations).

Specialized training required for Operational Technology and related systems.

This is a common entry-level job within the security operations centre (SOC). With additional training and experience there is potential for more technically or operationally focused roles in cybersecurity operations (such as vulnerability assessment & management, digital forensics, threat analytics and malware analysis) as well as management opportunities.

Certifications.

To be completed by the user of this job description as appropriate.

Other relevant qualifications.

To be completed by the user of this job description as appropriate.

Key Attributes.

To be completed by the user of this job description as appropriate.

Experience. Initial experiential requirement is to have been successful working in an IT environment and technical team setting.

Working conditions (if required)

If the job requires a person to work in special working conditions this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.

Physical requirements (if appropriate)

If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods of time, lift heavy objects on a regular basis, do repetitive tasks with few breaks, and so forth.