Employer hire CIRs to perform critical tasks which include:

• Collect intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
• Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
• Coordinate incident response functions.
• Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
• Perform cyber defense trend analysis and reporting.
• Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
• Write and publish after action reviews.