There are a few core defensive security roles you’ll find within an organization that ensure data is kept safe. Roles like SOC analyst, threat hunter, and penetration and vulnerability tester tend toward more project-based, day-to-day work. Incident responders are a little different.
They take action in urgent situations to mitigate any immediate and potential threats. Using set approaches and an intimate knowledge of the system, they can deduce what’s out of place, close up any holes, and ensure information stays secure.
“You have to be ready to go at any time, because incidents always happen, regardless of vacations or holidays,” explains Colin Jackson, Pluralsight Senior Security Engineer. When you get that first indication that your system is getting hacked, or something malicious is going on, “you immediately need to spin up and respond.” Incident responders are the firefighters of an organization, jumping in at a moment’s notice to put out those spot security fires.