What is a Cybersecurity Incident Response Analyst?

Cyber Incident Response Analyst

This is a general guide to the role, qualifications and experience that are normally required for the job of a Cyber Incident Response Analyst.

The needs of a company can vary quite considerably so it is worth treating any set of requirements that the company lists as being a bit of a wish list, and either applying for jobs where you do not meet all of the requirements, or substituting your own experience in lieu of some of them.

Job title – Cyber Incident Response Analyst (CIRA)

Sometimes also referred to as an Incident Response Analyst, Lead Incident Response Analyst or Incident Response Engineer.


The main role of a CIRA is really twofold. They will need to actively engage with the company’s Cybersecurity Operations Centre (CSOC) and be heavily involved in the company’s Cybersecurity Incident Response Plan (CSIRT).

Most companies will have a CSOC, which will have overall responsibility for all the company’s security concerns and policies, cyber and otherwise.

The CSIRT is a plan that most companies should already have in place and that can be immediately executed in the event of a cyber attack or data breach.


CIRA Job Description / Responsibilities

The role of an analyst can vary quite widely, but offers great opportunities for gaining experience and advancement in the company.

The main focus will be to assist in some way in the planning and development of the CSIRT.

This may involve writing one from scratch, rewriting one that is already there, producing detailed documentation for the plan, and handling other project-management-related aspects of defence and protection.

As well as being responsible for the CSIRT, the analyst will be responsible for overseeing staff training on the plan, and running simulations or exercises that show how the plan would work.

This is really important so that people do not go into an actual incident response without the proper training.

The analyst will be expected to be fully involved in any incident response situation that happens as a result of a cyber attack or data breach.

They may well be expected to be the lead person in executing the plan, and in establishing a secure network afterwards.

They are also likely to be expected to have some input into digital forensics, and the more experience the candidate has in this area the better.

CIRA Qualifications / Experience

Often these two go together, and an individual may make up for a deficit in one area by overcompensating in the other.

Bachelor Degree –

This is not normally a specific requirement for the job, but companies often want it because they see it as indicative of an individual's personal growth or development. A degree in cyber security or project management may be quite useful, however.

Years of experience –

A company will usually ask for anything between 3 and 7 years' worth of experience, either in a Security Operations Center or an Incident Response Team, as well as experience in working with other professionals.

The length of experience is not necessarily that important, and should not be seen as a barrier to applying for the job.


Certifications etc

The list of certifications and qualifications that a company may require is almost limitless. Jobs in certain industries, such as Defense or Healthcare, may require more specialised certifications than other industries.

Many companies will also offer the candidate an opportunity to train for some of these certifications once employed, if not already obtained.

Below is a list of the most common requirements / experience required in relation to a cyber incident response analyst.

  • Certifications
      • A+
      • Network+
      • Security+
      • CEH
      • GCIH
      • GCFA
      • GCFE
      • GNFA
      • GREM
      • GSEC
      • GCIA
      • GMON
  • Experience with business automation tools, such as Microsoft Power BI or similar.
  • Experience in malware analysis
  • Experience of operating systems – Windows, Mac, Linux and Qubes
  • Experience in networking, system administration and security architecture
  • Experience of data logging applications – Splunk

Cyber Incident Response Analyst – Salary / Benefits

Online job sites normally provide a salary range for specific jobs, as often companies are reluctant to advertise a salary in relation to a specific job title.

These figures are estimates that online job sites feel are likely to be applicable, based on their experience. They are often quite broad because jobs will vary significantly depending on the company, the industry, the location and whether or not it is a hybrid position.

Salary figures for an incident response analyst are normally quoted as being between $110,000 and $200,000, which can include salaries for a lead analyst (July 2023).

In many ways, benefits are as important as these salary figures, especially in areas such as healthcare and pension. The other main benefit that is crucial to this job is what training the company is willing to provide, by way of courses, seminars and networking events.

A company may be willing to negotiate on certain benefits if an individual has certain requirements that their list of benefits does not cover.


The job advert will normally specify the location by city or state, and whether or not it is hybrid. In today’s world, all these areas may be more negotiable than would have been the case a few years ago, depending on the needs of the individual and the client.


Cyber Security Vetting

Given the nature of cyber security, some type of security vetting is likely to be required. This may range from a simple background check to a fully-fledged government investigation!

The important thing is to be upfront about any previous convictions, either civil or criminal, or problems with law enforcement, at the start of the application, not the end!

Companies and government bodies take quite a serious view of this, but are normally willing to work with an individual where possible.