About This Position
Type 1: The NIMS Type 1 Cyber Incident Responder:
1. Serves as the team leader on the Cyber Incident Response Team
2. Responds to crisis or urgent situations aimed at mitigating, preparing for, responding to, and recovering systems from cyber threats
3. Completes cyber incident response reports during and after deployments
Type 2: The National Incident Management System (NIMS) Type 2 Cyber Incident Responder:
1. Works under the technical direction of a NIMS Type 1 Cyber Incident Responder aimed at mitigating, preparing for, responding to, and recovering systems from cyber threats
2. Responds by completing actions that are crucial to prevent loss of life, preserve property, and secure information while investigating and analyzing all relevant response activities
3. Supports the NIMS Type 1 Cyber Incident Responder by preparing reports during and after deployments, which include all actions taken to properly document a cyber incident during the operation
Notes: Not Specified
Training Requirements
Type 1: Same as Type 2
Type 2: Completion of the following:
1. IS-100: Introduction to Incident Command System, ICS-100
2. IS-200: Basic Incident Command System for Initial Response, ICS-200
3. IS-700: National Incident Management System, An Introduction
4. IS-800: National Response Framework, An Introduction
5. IS-860: National Infrastructure Protection Plan, An Introduction
6. Agency Having Jurisdiction (AHJ)-determined cyber forensics training
Notes: Any use of the term “forensics” is descriptive of a skill or capability and does not imply a law enforcement role.
Position Qualification for Cybersecurity: Cyber Incident Responder, 1.3 - December 2019
Experience
Type 1: Same as Type 2, PLUS:
Knowledge, Skills, and Abilities:
1. Writing technical reports that describe the exploited vulnerability, the applied security control(s) to correct the immediate problem, and any recommended additional controls or changes in process or policy
2. Writing executive-level reports and presentations to communicate the cause of the exploited vulnerability, the applied security control(s) to correct the immediate problem, and any recommended additional controls or changes in process or policy with senior leaders
AHJ-documented and validated experience demonstrated in the following areas:
1. Coordinating with and providing expert technical support to enterprise-wide CND specialists to resolve CND incidents
2. Performing in command and control functions in response to incidents
3. Ident
Type 2: AHJ-documented and validated knowledge, skills, and abilities demonstrated in the following areas:
1. Data backup, types of backups, and recovery concepts and tools
2. How network services and protocols interact to provide network communications
3. Evidence recovery techniques and the use of the corresponding industry tools
4. Log data analytics and the use of the corresponding industry tools
5. Incident categories, incident responses, and timelines for responses
6. Cyber incident response and handling methodologies
7. Intrusion detection methodologies and techniques for detecting host- and network-based intrusions
8. Network protocols and directory services
9. Network traffic analysis methods
10. Packet-level analysis
Notes: The knowledge, skills, and abilities align with the National Initiative for Cyber Education (NICE) National Cybersecurity Workforce Framework.
FEMA RTLT Standard
Cyber Incident Responder
ID: 13-509-1250