Domain: Security
Skill profile: Runbooks, post-mortems, communication, severity levels, on-call, escalation
Number of roles: 7 (roles that include this skill)
Number of levels: 5 (structured growth path)
Required: 26 (the remaining 9 are optional)
Security
Incident Response
2026/3/17
Select your current level and compare it against the expectations. The cards below show what must be mastered for promotion.
The tables show how the expected depth of this skill grows from junior to principal. Click a row to view details.
Level 1 (junior)

| Role | Required | Description |
|---|---|---|
| Application Security Engineer | Required | Understands basic Incident Response Process concepts. Follows security guidelines. Recognizes typical code vulnerabilities. |
| DevSecOps Engineer | Required | Studies incident response fundamentals: NIST phases (Preparation, Detection, Containment, Eradication, Recovery). Participates in the on-call rotation under senior engineer mentorship. Documents incidents in the tracking system. Masters basic tools: PagerDuty, OpsGenie, Slack incident bot. |
| Network Engineer | Optional | Knows basic incident response process concepts for network engineering and can apply them in typical tasks. Uses standard tools and follows established team practices. Understands when and why this approach is used. |
| Penetration Testing Engineer | Required | Understands basic Incident Response Process concepts. Follows security guidelines. Recognizes common vulnerabilities in code. |
| QA Security Engineer | Optional | Follows the security incident process: detection, escalation, documentation. Collects evidence during security events. Participates in post-incident analysis. |
| Security Analyst | Required | Understands basic Incident Response Process concepts. Follows security guidelines. Recognizes common code vulnerabilities. |
| Site Reliability Engineer (SRE) | Optional | Follows the incident response process: escalation by severity, communication in dedicated channels. Documents the incident timeline. Participates in post-mortem reviews. |

Level 2

| Role | Required | Description |
|---|---|---|
| Application Security Engineer | Required | Participates in application security incident response following established playbooks. Triages security alerts related to application vulnerabilities (SQLi, XSS, SSRF). Collects application logs and artifacts for investigation and communicates findings to the incident commander clearly. |
| DevSecOps Engineer | Required | Independently manages incidents as Incident Commander for P2/P3 incidents. Conducts security incident investigation with log analysis (ELK). Creates runbooks for common incidents: compromised credentials, DDoS, data breach. Configures automated alerts and escalation policies in PagerDuty. |
| Network Engineer | Optional | Confidently applies the incident response process for network engineering in non-standard tasks. Independently selects the optimal approach and tools. Analyzes trade-offs and proposes improvements to existing solutions. |
| Penetration Testing Engineer | Required | Supports incident response by providing offensive security expertise during active incidents. Validates attack vectors and helps determine the scope of compromise. Documents exploitation paths for post-incident analysis and contributes to lessons-learned reviews with remediation recommendations. |
| QA Security Engineer | Optional | Manages security incidents: severity classification, containment actions, root cause analysis. Creates security incident runbooks. Documents lessons learned and improvement actions. |
| Security Analyst | Required | Executes incident response procedures including detection, containment, and initial investigation. Classifies incidents by severity using established criteria and escalates appropriately. Performs log analysis and IOC correlation in the SIEM to determine attack scope and impact on affected systems. |
| Site Reliability Engineer (SRE) | Optional | Manages incidents: severity classification, stakeholder communication, cross-team coordination. Conducts root cause analysis. Leads post-mortems with actionable follow-ups. |

Level 3

| Role | Required | Description |
|---|---|---|
| Application Security Engineer | Required | Designs security solutions with the Incident Response Process. Conducts threat modeling. Implements security practices in the SDLC. Mentors the team. |
| DevSecOps Engineer | Required | Develops the corporate Incident Response Plan per NIST SP 800-61. Conducts Tabletop Exercises for teams. Introduces IR automation through a SOAR platform (Cortex XSOAR/Tines). Builds forensics capability: artifact collection, chain of custody, memory dump analysis. Conducts blameless postmortems. |
| Network Engineer | Optional | Expertly applies the incident response process for network engineering to design complex systems. Optimizes existing solutions and prevents architectural mistakes. Conducts code reviews and trains colleagues on best practices. |
| Penetration Testing Engineer | Required | Leads purple team exercises to validate and improve incident response capabilities. Designs attack simulations that test detection and response workflows end-to-end. Integrates offensive findings into incident response playbooks and mentors the team on attacker TTPs relevant to detection engineering. |
| QA Security Engineer | Required | Designs security incident response: automated detection (SIEM correlation), playbooks for typical incidents, forensics capabilities. Integrates with vulnerability management. |
| Security Analyst | Required | Leads incident response for complex multi-vector security incidents across cloud and on-premise environments. Conducts advanced threat hunting and root cause analysis. Develops and refines incident response playbooks based on emerging threats. Mentors the team on incident handling and coordinates with external stakeholders. |
| Site Reliability Engineer (SRE) | Required | Designs the incident response process: automated severity detection, runbook automation, war room orchestration. Implements SLO-based alerting for proactive incident detection. |

Level 4

| Role | Required | Description |
|---|---|---|
| Application Security Engineer | Required | Defines the application-specific incident response strategy including detection rules, response playbooks, and communication protocols. Establishes application security monitoring standards to reduce mean time to detection. Coordinates cross-team incident response drills focused on application-layer attack scenarios. |
| DevSecOps Engineer | Required | Defines the Incident Response strategy for the organization. Manages the IR team and SOC. Builds processes for interaction with regulators and law enforcement during a breach. Introduces IR metrics: MTTD, MTTR, incident count by severity. Conducts regular Red Team / Blue Team exercises. |
| Network Engineer | Optional | Establishes incident response process standards for the network engineering team and makes architectural decisions. Defines the technical roadmap incorporating this skill. Mentors senior engineers and influences the practices of adjacent teams. |
| Penetration Testing Engineer | Required | Defines offensive security's role in the incident response process across the organization. Establishes red team/purple team exercise programs that systematically test incident response maturity. Coordinates with SOC leadership on improving detection coverage based on real-world attack simulation results. |
| QA Security Engineer | Required | Defines security IR standards: incident classification, escalation matrix, communication plan. Conducts tabletop exercises. Coordinates cross-team incident response. |
| Security Analyst | Required | Defines the organization's incident response framework including team structure, escalation paths, and communication plans. Establishes incident classification standards, SLAs for response times, and post-incident review processes. Coordinates tabletop exercises and drives continuous improvement of IR capabilities. |
| Site Reliability Engineer (SRE) | Required | Defines incident management standards: severity matrix, communication templates, post-mortem requirements. Implements incident metrics (MTTD, MTTR). Trains teams on incident response. |

Level 5 (principal)

| Role | Required | Description |
|---|---|---|
| Application Security Engineer | Required | Shapes the enterprise incident response strategy with a deep focus on application-layer threats and supply chain attacks. Drives integration of application security telemetry into organization-wide incident detection platforms. Advises C-level on application security incident readiness and regulatory breach notification compliance. |
| DevSecOps Engineer | Required | Designs the corporate Incident Response and Cyber Resilience program. Defines SOC strategy: in-house vs MSSP, automation through SOAR, threat intelligence integration. Develops the Business Continuity Plan considering cyber risks. Influences the organizational security budget and roadmap. |
| Network Engineer | Optional | Shapes the incident response process strategy for network engineering at the organizational level. Defines best practices and influences technology choices beyond their own team. Is a recognized expert in this area. |
| Penetration Testing Engineer | Required | Shapes the enterprise security posture by aligning offensive testing programs with incident response maturity models. Drives industry-level contributions to attack simulation frameworks and adversary emulation standards. Advises executive leadership on threat landscape trends and organizational readiness for advanced persistent threats. |
| QA Security Engineer | Required | Designs the organizational security IR capability: SOC integration, threat intelligence-driven response, automated remediation. Defines the security incident management maturity model. |
| Security Analyst | Required | Defines the enterprise-wide incident response strategy aligned with business risk management and regulatory requirements. Shapes the security operations architecture including SOAR, threat intelligence, and automated response capabilities. Represents the organization to regulators, partners, and industry bodies on incident management practices. |
| Site Reliability Engineer (SRE) | Required | Designs the incident management platform: automated triage, cross-team coordination, incident learning system. Defines the organizational incident culture and continuous improvement process. |