Incident Response/Incident Management

ps.89 Member Posts: 42
Are any of you familiar with incident response/incident management as an actual role in IT? In my experience, this type of position is less technical and mainly focuses on alert monitoring/escalation and quality control of incidents (ensuring tickets are filled out properly, have detailed notes/documentation, and ensuring teams resolve incidents within SLA). Is it a standard practice to have teams dedicated to just this?
Complete: BS in Networking, CCNA
2020 Year Goals: CCNP Enterprise, finish a Python video course


  • TechGuru80 Member Posts: 1,539
    I have seen a few jobs labeled as Incident Management Coordinator or similar, and based on the description it seems to be in line with what you are saying. If a job is listed as Incident Response though, it is much more likely to be the technical activities such as forensics and reviewing logs/alerts.

    If a company had the Incident Management job, I would look at the size of the organization (larger companies have more roles and the need for coordinators)... but if the company seems medium or smallish, they probably have so many things going on along with trouble tuning their alerts and responses so that role will be busy.
  • UnixGuy Are we having fun yet? Mod Posts: 4,148
    Yes, I'm familiar with it and it can be a job from hell. Getting called at all times of the day at any hour, to get all the resources on a technical bridge to deal with an incident. It depends on how busy the organisation is. I wouldn't do it.
    Goal: MBA, Jan 2021
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,665
    IR varies depending upon the organization and your IR role. You could be an incident commander running a bridge with 100 people all trying to give or receive information, or you could be the equivalent of tier 1 help desk support taking reports from employees who have received suspicious phone calls or emails. The job description and the excellent questions that you ask in the first-round interview will give you a good idea of what you are getting yourself into. To really get the inside poop on the job, there is nothing better than having a friend already working on the team that is hiring.
  • ps.89 Member Posts: 42
    Thanks for the comments, everyone.
    Complete: BS in Networking, CCNA
    2020 Year Goals: CCNP Enterprise, finish a Python video course