Skill Profile

Incident Response Process

Runbooks, post-mortems, communication, severity levels, on-call, escalation

Security Incident Response

Roles: 7 (where this skill appears)
Levels: 5 (structured growth path)
Mandatory requirements: 26 (the other 9 optional)
Domain: Security
Group: Incident Response
Last updated: 3/17/2026

How to Use

Choose your current level and compare expectations. The items at the next level show what you need to cover to advance.

What is Expected at Each Level

The tables below, one per level, show how skill depth grows from Junior to Principal. A role marked Required must meet the description at that level; the remaining rows are optional for that role.

Level 1 of 5 (Junior)

| Role | Required | Description |
|---|---|---|
| Application Security Engineer | Required | Understands basic Incident Response Process concepts. Follows security guidelines. Recognizes typical code vulnerabilities. |
| DevSecOps Engineer | Required | Studies incident response fundamentals: the NIST SP 800-61 phases (Preparation; Detection and Analysis; Containment, Eradication and Recovery; Post-Incident Activity). Participates in the on-call rotation under senior engineer mentorship. Documents incidents in the tracking system. Becomes proficient with basic tooling: PagerDuty, OpsGenie, Slack incident bot. |
| Network Engineer | Optional | Knows basic incident response process concepts as they apply to network engineering and can apply them in typical tasks. Uses standard tools and follows established team practices. Understands when and why this approach is used. |
| Penetration Testing Engineer | Required | Understands basic Incident Response Process concepts. Follows security guidelines. Recognizes common vulnerabilities in code. |
| QA Security Engineer | Optional | Follows the security incident process: detection, escalation, documentation. Collects evidence during security events. Participates in post-incident analysis. |
| Security Analyst | Required | Understands basic Incident Response Process concepts. Follows security guidelines. Recognizes common code vulnerabilities. |
| Site Reliability Engineer (SRE) | Optional | Follows the incident response process: escalation by severity, communication in dedicated channels. Documents the incident timeline. Participates in post-mortem reviews. |
Level 2 of 5

| Role | Required | Description |
|---|---|---|
| Application Security Engineer | Required | Participates in application security incident response following established playbooks. Triages security alerts related to application vulnerabilities (SQLi, XSS, SSRF). Collects application logs and artifacts for investigation and communicates findings clearly to the incident commander. |
| DevSecOps Engineer | Required | Independently manages incidents as Incident Commander for P2/P3 incidents. Conducts security incident investigation with log analysis (e.g. ELK). Creates runbooks for common incidents: compromised credentials, DDoS, data breach. Configures automated alerts and escalation policies in PagerDuty. |
| Network Engineer | Optional | Confidently applies the incident response process for network engineering in non-standard tasks. Independently selects the most suitable approach and tools. Analyzes trade-offs and proposes improvements to existing solutions. |
| Penetration Testing Engineer | Required | Supports incident response by providing offensive security expertise during active incidents. Validates attack vectors and helps determine the scope of compromise. Documents exploitation paths for post-incident analysis and contributes to lessons-learned reviews with remediation recommendations. |
| QA Security Engineer | Optional | Manages security incidents: severity classification, containment actions, root cause analysis. Creates security incident runbooks. Documents lessons learned and improvement actions. |
| Security Analyst | Required | Executes incident response procedures including detection, containment, and initial investigation. Classifies incidents by severity using established criteria and escalates appropriately. Performs log analysis and IOC correlation in the SIEM to determine attack scope and impact on affected systems. |
| Site Reliability Engineer (SRE) | Optional | Manages incidents: severity classification, stakeholder communication, cross-team coordination. Conducts root cause analysis. Leads post-mortems with actionable follow-ups. |
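The Security Analyst row above expects log analysis and IOC correlation to determine attack scope. The following is an added example, not code from this page or from any SIEM named on it: it takes a small indicator set (IPs, a domain, a file hash), runs it over a few syslog-style lines, and groups the hits by host with first-seen/last-seen times, which is the scoping summary an incident commander needs. The indicators, host names and log lines are constructed and do not refer to real infrastructure; the key=value log format is an assumption.

```python
"""IOC correlation over raw log lines to establish attack scope.

Added example for this skill profile; not code from the page or from any
SIEM named on it. Indicators, host names and log lines are constructed.
"""
import re
from datetime import datetime

# Constructed indicator set, keyed by indicator type (hypothetical values).
IOCS = {
    "ip": {"203.0.113.45", "198.51.100.7"},
    "domain": {"update-cdn.example.net"},
    "sha256": {"0123456789abcdef" * 4},
}

# Constructed syslog-style lines from a firewall, a DNS resolver and an EDR agent.
SAMPLE_LOGS = """\
2026-03-10T09:12:01Z host=web-01 src=10.0.0.12 dst=203.0.113.45 dport=443 action=allow
2026-03-10T09:13:45Z host=web-01 dns_query=update-cdn.example.net answer=203.0.113.45
2026-03-10T09:20:10Z host=db-02 src=10.0.1.5 dst=192.0.2.10 dport=443 action=allow
2026-03-10T09:31:07Z host=ws-117 proc=svchost.exe sha256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
2026-03-10T10:02:33Z host=ws-117 src=10.0.2.40 dst=198.51.100.7 dport=8443 action=allow
garbage line without a timestamp
"""

TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z\b")
KV_RE = re.compile(r"(\w+)=(\S+)")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")


def match_line(line: str, iocs: dict) -> list:
    """Return (ioc_type, value) pairs for every indicator present in one line."""
    fields = dict(KV_RE.findall(line))
    found = [("ip", ip) for ip in sorted(set(IPV4_RE.findall(line)) & iocs["ip"])]
    if fields.get("dns_query") in iocs["domain"]:
        found.append(("domain", fields["dns_query"]))
    found += [("sha256", h) for h in sorted(set(SHA256_RE.findall(line.lower())) & iocs["sha256"])]
    return found


def correlate(log_text: str, iocs: dict) -> dict:
    """Group IOC hits by host: {host: {"first_seen", "last_seen", "hits": [(ts, type, value)]}}."""
    affected = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = TS_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the triage
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        hits = match_line(line, iocs)
        if not hits:
            continue
        host = dict(KV_RE.findall(line)).get("host", "unknown")
        rec = affected.setdefault(host, {"first_seen": ts, "last_seen": ts, "hits": []})
        rec["first_seen"] = min(rec["first_seen"], ts)
        rec["last_seen"] = max(rec["last_seen"], ts)
        rec["hits"].extend((ts, kind, value) for kind, value in hits)
    return affected


def scope_report(affected: dict) -> list:
    """One line per affected host, earliest first: the scoping summary handed to the IC."""
    rows = sorted(affected.items(), key=lambda kv: kv[1]["first_seen"])
    return [
        f"{host}: {len(rec['hits'])} IOC hit(s), "
        f"{rec['first_seen'].isoformat()} -> {rec['last_seen'].isoformat()}, "
        f"indicators={sorted({v for _, _, v in rec['hits']})}"
        for host, rec in rows
    ]


if __name__ == "__main__":
    for row in scope_report(correlate(SAMPLE_LOGS, IOCS)):
        print(row)
```

On the sample data, web-01 and ws-117 come back as affected and db-02 does not; the DNS line counts twice for web-01 (domain plus the resolved IP in the answer), which is the kind of double hit an analyst should recognise as one event when sizing the scope. Hits are kept with timestamps so the same output feeds the incident timeline.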
Level 3 of 5

| Role | Required | Description |
|---|---|---|
| Application Security Engineer | Required | Designs security solutions that incorporate the Incident Response Process. Conducts threat modeling. Implements security practices in the SDLC. Mentors the team. |
| DevSecOps Engineer | Required | Develops the corporate Incident Response Plan per NIST SP 800-61. Conducts tabletop exercises for teams. Introduces IR automation through a SOAR platform (Cortex XSOAR/Tines). Builds forensics capability: artifact collection, chain of custody, memory dump analysis. Conducts blameless post-mortems. |
| Network Engineer | Optional | Expertly applies the incident response process for network engineering when designing complex systems. Optimizes existing solutions and prevents architectural mistakes. Conducts reviews and trains colleagues on best practices. |
| Penetration Testing Engineer | Required | Leads purple team exercises to validate and improve incident response capabilities. Designs attack simulations that test detection and response workflows end-to-end. Integrates offensive findings into incident response playbooks and mentors the team on attacker TTPs relevant to detection engineering. |
| QA Security Engineer | Required | Designs security incident response: automated detection (SIEM correlation), playbooks for typical incidents, forensics capabilities. Integrates with vulnerability management. |
| Security Analyst | Required | Leads incident response for complex multi-vector security incidents across cloud and on-premise environments. Conducts advanced threat hunting and root cause analysis. Develops and refines incident response playbooks based on emerging threats. Mentors the team on incident handling and coordinates with external stakeholders. |
| Site Reliability Engineer (SRE) | Required | Designs the incident response process: automated severity detection, runbook automation, war room orchestration. Implements SLO-based alerting for proactive incident detection. |
Level 4 of 5

| Role | Required | Description |
|---|---|---|
| Application Security Engineer | Required | Defines the application-specific incident response strategy including detection rules, response playbooks, and communication protocols. Establishes application security monitoring standards to reduce mean time to detection. Coordinates cross-team incident response drills focused on application-layer attack scenarios. |
| DevSecOps Engineer | Required | Defines the Incident Response strategy for the organization. Manages the IR team and SOC. Builds processes for interaction with regulators and law enforcement during a breach. Introduces IR metrics: MTTD (mean time to detect), MTTR (mean time to respond), incident count by severity. Conducts regular Red Team / Blue Team exercises. |
| Network Engineer | Optional | Establishes incident response process standards for the network engineering team and makes architectural decisions. Defines the technical roadmap incorporating this skill. Mentors senior engineers and influences the practices of adjacent teams. |
| Penetration Testing Engineer | Required | Defines offensive security's role in the incident response process across the organization. Establishes red team/purple team exercise programs that systematically test incident response maturity. Coordinates with SOC leadership on improving detection coverage based on real-world attack simulation results. |
| QA Security Engineer | Required | Defines security IR standards: incident classification, escalation matrix, communication plan. Conducts tabletop exercises. Coordinates cross-team incident response. |
| Security Analyst | Required | Defines the organization's incident response framework including team structure, escalation paths, and communication plans. Establishes incident classification standards, SLAs for response times, and post-incident review processes. Coordinates tabletop exercises and drives continuous improvement of IR capabilities. |
| Site Reliability Engineer (SRE) | Required | Defines incident management standards: severity matrix, communication templates, post-mortem requirements. Implements incident metrics (MTTD, MTTR). Trains teams on incident response. |
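Several rows at this level (DevSecOps Engineer, Security Analyst, SRE) call for IR metrics: MTTD, MTTR, incident counts by severity, and response-time SLAs. The following is an added example, not code from this page or from any tool named on it, showing how those numbers are derived from an incident register, including the two edge cases that most often distort them: still-open incidents (excluded from MTTR but counted) and the choice of which interval MTTR measures. The incident records, field names and SLA targets are constructed for illustration; MTTR here is measured from detection to resolution, one common convention, and should be read against whatever definition the organization's severity matrix fixes.

```python
"""Incident response metrics: MTTD, MTTR, counts by severity, SLA breaches.

Added example for this skill profile; not code from the page or from any
incident tool named on it. Records, field names and SLA targets are constructed.
"""
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean

# Constructed incident register. A None resolved_at means the incident is still open.
INCIDENTS = [
    {"id": "INC-1", "severity": "P1", "occurred_at": "2026-02-01T02:00:00",
     "detected_at": "2026-02-01T02:30:00", "resolved_at": "2026-02-01T04:30:00"},
    {"id": "INC-2", "severity": "P2", "occurred_at": "2026-02-03T10:00:00",
     "detected_at": "2026-02-03T11:00:00", "resolved_at": "2026-02-03T13:00:00"},
    {"id": "INC-3", "severity": "P3", "occurred_at": "2026-02-05T09:00:00",
     "detected_at": "2026-02-05T09:10:00", "resolved_at": "2026-02-05T09:40:00"},
    {"id": "INC-4", "severity": "P1", "occurred_at": "2026-02-08T00:00:00",
     "detected_at": "2026-02-08T01:00:00", "resolved_at": None},
    {"id": "INC-5", "severity": "P2", "occurred_at": "2026-02-09T14:00:00",
     "detected_at": "2026-02-09T14:20:00", "resolved_at": "2026-02-09T15:20:00"},
]

# Assumed per-severity targets in minutes (detection = occurred -> detected,
# resolution = detected -> resolved). Real values come from the severity matrix.
SLA_TARGETS_MIN = {
    "P1": {"detection": 30, "resolution": 240},
    "P2": {"detection": 60, "resolution": 480},
    "P3": {"detection": 120, "resolution": 1440},
}


def _minutes(start: str, end: str) -> float:
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds() / 60


def time_to_detect(inc: dict) -> float:
    """Occurrence to detection in minutes (the per-incident value MTTD averages)."""
    return _minutes(inc["occurred_at"], inc["detected_at"])


def time_to_resolve(inc: dict):
    """Detection to resolution in minutes; None while the incident is open.

    Convention used here: MTTR starts at detection, so it measures the response
    itself; dwell time before detection is already captured by MTTD.
    """
    if not inc.get("resolved_at"):
        return None
    return _minutes(inc["detected_at"], inc["resolved_at"])


def _summary(incs: list) -> dict:
    ttds = [time_to_detect(i) for i in incs]
    ttrs = [t for t in (time_to_resolve(i) for i in incs) if t is not None]
    return {
        "count": len(incs),
        "open": len(incs) - len(ttrs),
        "mttd_min": round(mean(ttds), 1) if ttds else None,
        "mttr_min": round(mean(ttrs), 1) if ttrs else None,  # open incidents excluded
    }


def ir_metrics(incidents: list) -> dict:
    """Overall and per-severity MTTD/MTTR plus incident counts by severity."""
    overall = _summary(incidents)
    by_sev = defaultdict(list)
    for inc in incidents:
        by_sev[inc["severity"]].append(inc)
    overall["count_by_severity"] = dict(Counter(i["severity"] for i in incidents))
    overall["by_severity"] = {sev: _summary(incs) for sev, incs in sorted(by_sev.items())}
    return overall


def sla_breaches(incidents: list, targets: dict) -> list:
    """(id, phase, actual_min, target_min) for each detection or resolution SLA miss.

    Open incidents are checked for detection only: their resolution time is not
    known yet, so they are counted neither as met nor as breached on resolution.
    """
    breaches = []
    for inc in incidents:
        t = targets[inc["severity"]]
        ttd = time_to_detect(inc)
        if ttd > t["detection"]:
            breaches.append((inc["id"], "detection", ttd, t["detection"]))
        ttr = time_to_resolve(inc)
        if ttr is not None and ttr > t["resolution"]:
            breaches.append((inc["id"], "resolution", ttr, t["resolution"]))
    return breaches


if __name__ == "__main__":
    from pprint import pprint
    pprint(ir_metrics(INCIDENTS))
    pprint(sla_breaches(INCIDENTS, SLA_TARGETS_MIN))
```

Reporting the per-severity breakdown alongside the overall mean matters: on this sample the overall MTTD of 36 minutes hides that the P1 incidents averaged 45 minutes against a 30-minute target, and one of them (the still-open INC-4) is the only SLA breach.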
Level 5 of 5 (Principal)

| Role | Required | Description |
|---|---|---|
| Application Security Engineer | Required | Shapes the enterprise incident response strategy with a deep focus on application-layer threats and supply chain attacks. Drives integration of application security telemetry into organization-wide incident detection platforms. Advises C-level on application security incident readiness and regulatory breach notification compliance. |
| DevSecOps Engineer | Required | Designs the corporate Incident Response and Cyber Resilience program. Defines SOC strategy: in-house vs MSSP, automation through SOAR, threat intelligence integration. Develops the Business Continuity Plan with cyber risks taken into account. Influences the organizational security budget and roadmap. |
| Network Engineer | Optional | Shapes the incident response process strategy for network engineering at the organizational level. Defines best practices and influences technology choices beyond their own team. Is a recognized expert in this area. |
| Penetration Testing Engineer | Required | Shapes the enterprise security posture by aligning offensive testing programs with incident response maturity models. Drives industry-level contributions to attack simulation frameworks and adversary emulation standards. Advises executive leadership on threat landscape trends and organizational readiness for advanced persistent threats. |
| QA Security Engineer | Required | Designs the organizational security IR capability: SOC integration, threat intelligence-driven response, automated remediation. Defines the security incident management maturity model. |
| Security Analyst | Required | Defines the enterprise-wide incident response strategy aligned with business risk management and regulatory requirements. Shapes the security operations architecture including SOAR, threat intelligence, and automated response capabilities. Represents the organization to regulators, partners, and industry bodies on incident management practices. |
| Site Reliability Engineer (SRE) | Required | Designs the incident management platform: automated triage, cross-team coordination, incident learning system. Defines the organizational incident culture and continuous improvement process. |
