Senior Incident Response Analyst

About us

Coalition is the world's first Active Insurance provider designed to help prevent digital risk before it strikes. Founded in 2017, Coalition combines broad insurance coverage with a digital risk assessment and continuous security monitoring to help organizations protect themselves in today’s hyper-connected world.

Opportunities to make an impact with bold thinking are real - and happening daily.

Responsibilities

• Work under the direction of IR lead and outside counsel to conduct IR investigations
• Fulfill consumer requests and resolve incidents received via e-mail or internal ticketing systems in a timely and detail-oriented manner
• Guide all consumer interactions professionally with a strong emphasis on consumer satisfaction
• Assess and assess security incidents and escalate to appropriate internal teams for additional assistance
• Triage and scope incidents for prospective consumers to identify the DFIR objectives and magnitude of effort involved to satisfy objectives
• Provide strategic, relevant, and achievable recommendations to help advance the security posture of organizations during and after an incident
• Communicate effectively with consumers (executives and IT) on the topics of incident type, remediation, forensics and assessment
• Perform host and network-based forensics across Windows, Mac, and Linux platforms as well as cloud environments
• Deliver high-quality written and verbal reports, recommendations, and findings to key stakeholders including consumers and legal counsel
• Participate in, or work directly on additional projects, assignments, or initiatives as required
• Mentor and coach team members and work effectively as part of team unit
• Develop, evaluate and utilize novel methods to hunt for indicators of compromise and perform assessment across large sets of data
• Assist in the development of internal guidelines, playbooks and knowledge base
• Demonstrate industry thought guidance through blog posts and occasional public speaking events

Skills and Qualifications

• 3-5 years of professional experience (2 years directly related to IR or functional area) or equivalent combination of education and experience
• Bachelor's degree in digital forensics, cybersecurity, computer science, information systems or similar field
• Working as part of a team in a remote matrixed consulting environment
• Incident Response: conducting or overseeing IR investigations for organizations, answering to opportunistic and targeted threats such as BECs, FTFs, ransomware and APTs
• Digital Forensic Analysis: a background in using different forensic assessment tools in incident response investigations to ascertain the extent and scope of compromise and possessing creativity and reason in approaching intricate forensic problems
• Incident Remediation: strong knowledge of opportunistic and targeted attacks and aptitude to generate customized strategic and tactical remediation plans for consumers
• Network Forensic Analysis: strong knowledge of networking protocols, network assessment tools, and aptitude to perform assessment of associated network logs
• SOC and EDR: experience with EDR solutions and leveraging detections and analytics to mitigate threats appropriately
• Possessing a knowledge of secure network architecture and a strong knowledge of networking fundamentals
• Cloud Incident Response: knowledge in AWS, Azure, GCP incident response strategies

Bonus Points 

• Excellent critical thinking skills with the experience to diagnose and troubleshoot technical issues
• Customer oriented with a strong interest in consumer satisfaction
• Experience to learn new technologies and concepts and comfortable using command-line interfaces
• Experience guiding teams of highly motivated analysts
• Communicate highly technical information to a non-technical audience
• Experience to handle and work with consumers through high priority scenarios
• Knowledge in project management
• Foster a positive work environment and attitude
• Flexibility with your work schedule in times of urgent response needs
• Contribute to thought guidance within the DFIR industry
• GCIH, GCIA, GCFA, GCFE, ACE, EnCE, CFCE, CISSP, or similar

Why Coalition? 

We’re a remote-first, mission-driven team committed to building a more inclusive culture with people of all different backgrounds. We trust our team members to take responsibility, share ownership, and put in the work to help us in our pursuit to solve digital risk.

Coalition’s exceptional growth stems from its ability to address real-world problems for organizations of all sizes and remain true to our founding values of character, humility, responsibility, purpose, authenticity, and inclusion. We are proud to have been named among Inc.’s Best Workplaces in 2021 and  2023 and one of Fast Company’s Most Innovative Companies in 2022.

We’re always looking for collaborative, inquisitive individuals to join #OurCoalition.

Visit our Newsroom >

Privacy Notice

Coalition is committed to protecting your privacy. We want you to understand what personal information we collect and how we use it. We also want you to understand your options regarding our collection, use, and disclosure of such information and your ability to access and correct such information. As the leading provider of active insurance, Coalition is required to adhere to certain local regulations, including U.S. federal and state laws that protect your information and our use and disclosure of it.

Information submitted, collected, and processed as part of your application is subject to Coalition's Privacy Policy.

Anti-Discrimination Notice

Coalition is proud to be an Equal Opportunity employer. It is our policy to provide equal opportunity to all individuals seeking employment without regard to race, color, religion, religious creed, national origin, age, sex, marital status, ancestry, physical or mental disability, military or veteran status, gender, gender identity, gender expression, sexual orientation, medical condition, genetic information, or any other protected category under federal, state, or local law. We also prohibit harassment or discrimination of applicants based on the above-protected categories. This policy covers all aspects of employment, including but not limited to, recruitment, selection, training, promotion, transfer, compensation, demotion, and termination of employment.

Accommodations

Coalition complies with US federal and state disability laws. Our policy is to provide reasonable accommodations to qualified individuals with disabilities, including applicants and employees unless the accommodation imposes an undue hardship. Contact us by emailing candidateaccommodations@coalitioninc.com if you require reasonable accommodation to complete this application, interview, pre-employment testing, or participating in the employee selection process.

We consider qualified applicants, regardless of criminal histories, consistent with legal requirements.

To all recruitment agencies: Coalition does not accept unsolicited agency resumes. Do not forward resumes to our email alias, employees, or other physical or virtual organization locations. Coalition is not responsible for any fees related to unsolicited resumes.