From Richard Bejtlich blog :

The incident handler in Cincinnati should meet the following requirements.

1. Strong incident handling skills. I want this person to be able to speak authoritatively and confidently when dealing with internal business partners. (This is not a job supporting external customers.)
2. Strong mentoring skills. This candidate will interact daily with our Command Center personnel. The Command Center will be the 24×7 component of our Incident Response Center. This incident handler will need to be a mentor and coach for the Command Center analysts, although not their manager.
3. Be an ambassador. This incident handler will be our in-person representative to two crucial groups: our Infrastructure businesses and our local IT staff. I need a candidate who represents our interests well and collaborates with partner organizations in a professional manner.
4. Intermediate host forensics skills. We need a person who has traditional host-centric forensic experience.
5. Introductory-to-intermediate log analysis skills. We need a person who can support others on the team who do log analysis. Experience with or intense willingness to learn Splunk is crucial.

More detail