Investigates suspected attacks and undertakes the investigation and resolution of security incidents, in accordance with established procedures including incident management procedures. Uses forensics where appropriate. Reports on findings and lessons learnt/improvement actions.