Role and (mostly) Responsibilities

Before we go any further, note the word ‘engineer’ in the title. One of the Oxford dictionary's definitions of ‘engineer’ is: ‘Skilfully arrange for (something) to occur.’ With that in mind, let’s get on with it.

We’re discussing an InfoSec Incident Response Engineer in this article. If at any point along the way you feel like this article is more applicable to a manager role, you’re wrong. Every member of the IR team is a manager: they need to manage their part in the response, orchestrate it and be accountable for their actions according to their level of involvement.

Contrary to the mainstream belief that an IR engineer needs to be someone good at detecting or hunting for threats, the real purpose of an IR engineer is to respond to incidents in an efficient, impactful and compliant way, following clearly defined protocols and an even more clearly defined scope. After the incide...
Malware Analysis for Incident Response