The post in a nutshell:
The CSIRT (Computer Security Incident Response Team) or CERT (Computer Emergency Response Team) Manager leads the team that responds to security incidents affecting the organization’s information systems. The manager ensures the proper execution of investigations and the coordination of stakeholders during a security incident, and helps prepare the organization to respond effectively. During high-impact incidents, the CSIRT manager interacts with the crisis management team.
Equivalent title: CERT pilot, Head of a security incident response service
- Plan and organize the daily operations of the CSIRT
- Provide operational support for security crisis management in the event of major security incidents
- Define operating procedures with the internal or external SOC (Security Operations Center) to manage security incidents
- Leverage threat intelligence services to account for existing groups of attackers, their attack methods and motivations
- Inform security teams of important new threats and recommend tactical measures to counter them
- Build and maintain relationships of trust and exchange with French and foreign CSIRT networks as well as with government bodies
- Participate in cybersecurity crisis management preparation exercises
- Develop and update the intervention process for major security incidents, along with all the necessary resources (tools, procedures, etc.); check that the technical and documentary prerequisites are in place and kept up to date
- Ensure stakeholders know their role in security incident management
- Ensure the proper execution of the incident response process from detection to resolution of the incident; monitor and coordinate remediation actions
- Organize post-incident feedback to capture lessons learned and define improvement actions
Our advice: this position is open to women and men. Motivation and the desire to learn are the fundamental qualities for the success of your project. Don’t hold yourself back, you can do it.
- Mastery of the information system (IS), its urbanization and its architecture
- Post-mortem analysis (forensic): knowledge of analysis tools
- Post-mortem analysis (forensic): knowledge of legal procedures
- Cyberdefense: practice of log analysis (systems or applications)
- Cyberdefense: practice of network flow analysis
- Cyberdefense: knowledge of attack and intrusion techniques
- Cyberdefense: knowledge of environment vulnerabilities
- Ability to report findings and explain them to non-technical audiences
- Writing reports adapted to different audiences
- Teamwork
- Ability to withstand pressure
- Ethical sense
Description of the profession in the ANSSI directory
The CSIRT manager may be required to contribute to the management of incidents that are not strictly IS security matters, such as fraud committed via IT means.
How to get into the job?
Training: Bac +5, specialization in cybersecurity with a strong component in systems and networks
Professional experience: at least 5 years within a CSIRT
Are you looking forward to long studies? Is your job goal to quickly lead multidisciplinary teams?
Or do you enjoy life on our campus so much that you want to stay forever?
The 5-year program is made for you.
Our Master program is adapted to professions with supervising responsibilities and addresses specific cybersecurity requirements. It allows you to deepen and refine your knowledge and skills in one of our 3 specialisations: Information Technology (IT), Industrial (OT) or Management of Cybersecurity Operations (SOC).
The complete career guide
Same field jobs
Our school provides training in 21 cybersecurity jobs, from technical to supervising positions, from IT operations to industrial systems security. Here is the list of jobs you will be trained for by attending one of our training programs.