From Richard Bejtlich's blog:
The incident handler in Cincinnati should meet the following requirements.
- Strong incident handling skills. I want this person to be able to speak authoritatively and confidently when dealing with internal business partners. (This is not a job supporting external customers.)
- Strong mentoring skills. This candidate will interact daily with our Command Center personnel. The Command Center will be the 24×7 component of our Incident Response Center. This incident handler will need to be a mentor and coach for the Command Center analysts, although not their manager.
- Be an ambassador. This incident handler will be our in-person representative to two crucial groups: our Infrastructure businesses and our local IT staff. I need a candidate who represents our interests well and collaborates with partner organizations in a professional manner.
- Intermediate host forensics skills. We need a person who has traditional host-centric forensic experience.
- Introductory-to-intermediate log analysis skills. We need a person who can support others on the team who do log analysis. Experience with or intense willingness to learn Splunk is crucial.