
NICE Cybersecurity Apprenticeship Program Finder


Cyber Defense Incident Responder

STACK Cybersecurity
33131 Schoolcraft
Livonia, Michigan 48150
Registered: Yes – Federal and State
Virtual*: No

Additional information:

STACK Cybersecurity's apprenticeship is a 16-month, in-person immersive educational opportunity where apprentices work alongside technicians and engineers in the field. As a managed IT and cybersecurity service provider (MSP and MSSP), STACK is SOC 2 Type 2 certified, requiring all apprentices to undergo detailed background checks before starting.

Description: Apprentices will develop and oversee the implementation of information security procedures and policies. They will build, support, and upgrade security technology, such as firewalls, to ensure the safe use of computer networks and the secure transmission and retrieval of information. Apprentices will design and implement proper security controls to identify vulnerabilities and protect digital files and electronic infrastructures. They will monitor and respond to computer security breaches, viruses, and intrusions, and perform forensic investigations. Additionally, they may oversee the assessment of information security systems.

The on-the-job training for the Cyber Defense Incident Responder apprenticeship program covers several key areas. Apprentices will implement defensive security measures for computer or information systems by monitoring external data sources to stay updated on cyber defense threats. They will analyze log files from various sources, such as host logs, network traffic logs, and firewall logs, to identify potential threats to network security.

Apprentices will also perform cyber defense incident triage, determining the scope, urgency, and potential impact of incidents, and making recommendations for remediation. They will collect forensic images and inspect them to discern possible mitigation strategies, as well as handle real-time cyber defense incidents, including forensic collections, intrusion tracking, threat analysis, and direct system remediation.

In terms of incident handling and response, apprentices will analyze network alerts from various sources within the enterprise to determine their causes and track and document cyber defense incidents from initial detection through final resolution. They will perform trend analysis and reporting on cyber defense incidents and develop new incident handling procedures, conducting training presentations as needed. Apprentices will also assess the quality of security controls using performance indicators.

Coordination and support are crucial aspects of the training. Apprentices will provide expert technical support to enterprise-wide cyber defense technicians to resolve incidents and coordinate incident response functions. They will work with intelligence analysts to correlate threat assessment data and conduct investigations of information security breaches to identify vulnerabilities and evaluate the damage. Additionally, apprentices will coordinate vulnerability assessments and monitor networks or systems for security breaches or intrusions.

For incident tracking and analysis, apprentices will correlate incident data to identify specific vulnerabilities and recommend remediation strategies. They will document and publish reports on their findings, utilizing approved defense-in-depth principles and practices. Apprentices will gather intrusion artifacts, such as source code and malware, to facilitate the mitigation of potential cyber defense incidents within the enterprise. Acting as technical experts and liaisons, they will explain incident details to law enforcement personnel as needed and produce after-action reviews. Additionally, apprentices will analyze reports, dashboards, and alerts to oversee the enterprise's security posture, provide constructive feedback to fellow analysts, and update incident handling documentation as necessary.

* The employment model allows for remote work to satisfy the on-the-job training requirements.