Engaging the Security Engineer On-Call

The Security Incident Response Team (SIRT) is on-call 24/7/365 to assist with any security incidents. This handbook provides guidance to help identify the scope and severity of a potential security incident, followed by instructions on how to engage the Security Engineer On-Call (SEOC) if needed.

Information about SIRT responsibilities and incident ownership is available in the SIRT On-Call Guide.

Incident Severity

Before engaging the SEOC, please review the following to determine the level of engagement needed:

Severity: High
Description: Critical issues that may affect the confidentiality, integrity, or availability of Bramble services or data
Examples:
  1. Brmbl.io is down for all customers
  2. Confidentiality or Privacy is breached
  3. Unauthorized access
  4. Data loss
  5. Leaked credentials
Action: See Engage the SEOC

Severity: Low
Description: Non-urgent issues that have minimal to no impact on Bramble services or data
Examples:
  1. Third party vendor vulnerability
  2. Phishing
  3. Customer inquiries
  4. Troubleshooting device security
  5. Security training questions
Action: For phishing related issues, see Phishing. For other non-urgent issues, see Low Severity Issues.

The following are out of scope for the SIRT and should be escalated to the respective teams:

Low Severity Issues

For general Q&A, Bramble Security is available in the #security channel in Bramble Slack.

For low severity, non-urgent issues, SIRT can be reached by mentioning @team-sirt in Slack or by opening an issue.

Please be advised the SLA for Slack mentions is 6 hours on business days.

Phishing

If you suspect you’ve received a phishing email and have not engaged with the sender, please see: What to do if you suspect an email is a phishing attack.

If you have engaged a phisher by replying to an email, clicking on a link, sending and receiving text messages, or purchasing goods requested by the phisher, please engage the SEOC.

Engage the Security Engineer On-Call

If you have identified a high severity security incident or you need immediate assistance from the SIRT, there are two options available to engage the SEOC:

  • Email: send an email with a brief description of the issue to security+page@brmbl.io

This will page the SEOC. The SEOC will engage in the relevant issue within the appropriate SLA. If the SLA is breached, the Security Manager On-Call (SMOC) will be paged.

Paging the SEOC creates a new issue to track the incident being reported. Please provide as much detail as possible in this issue to aid the SEOC in their investigation of the incident.

The SEOC will typically respond to the page within 15 minutes and may have questions which require synchronous communication from the incident reporter. It is important when paging the SEOC that the incident reporter be prepared and available for this synchronous communication in the initial stage of the incident response.