Incident Response Lead at Coalition | Powderkeg

Location: United States

Employment Type: Full-time

Team: Incident Response

About Us

Founded in 2017, Coalition is on a mission to solve cyber risk and create a safer digital economy where everyone can thrive. Digital risk is now a part of every business and it’s no longer solely the domain of technical teams. That’s why we combined comprehensive insurance with proactive cybersecurity tools to help organizations stay resilient to digital risks like cyber attacks, funds transfer fraud and much more.

Our team works collaboratively across North America and Europe to prevent security failures and provide both technical and financial help when incidents do occur. Today, Coalition is the world’s largest commercial insurtech serving over 130,000 customers including many small businesses that rely on Coalition to help them chart a path forward in the new digital world.

As of September 2021, Coalition has raised $520 million from leading global technology investors as well as highly-regarded institutional investors including: Index Ventures, Ribbit Capital, Valor Ventures, Durable Capital, T. Rowe Price Advisors, and Whale Rock Capital, valuing the company at more than $3.5 billion.

Coalition has experienced tremendous growth by helping organizations of all sizes solve real-world problems and by remaining true to our founding values of character, humility, responsibility, authenticity and diversity. That’s why we are proud to be named one of Inc’s Best Places to Work in 2021.

About the role

As an Incident Response Lead your mandate is to protect our customers from loss by leading teams of incident responders in fast-paced digital forensics and incident response engagements with a wide variety of clients. As a part of this mandate you will support Coalition’s clients through data breaches and claims events, leading incident response efforts with our clients and partners. You will own engagement planning, execution, and communication, supporting and advising customers and their legal counsel. Incident Response Leads are also asked to provide advice on topics ranging from security architecture and cloud security to data protection and compliance.

Our team is composed of bright minds across many cybersecurity domains, with expertise in Incident Response, Threat Intelligence, Security Architecture, Cyber Risk Management, Security Strategy, Controls, Compliance, and Governance. We need you to be a self-starter, confident with clients, and passionate about customer service. You will need to be able to lead the investigation of ransomware and business email compromise cases from scoping to report delivery.


  • Lead incident response engagements to guide our customers through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations.
  • Coordinate and manage incident response support from team members and vendors.
  • Investigate customer data breaches and malicious activity leveraging forensics tools; analyze Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs); examine firewall, web, database, and other log sources to identify evidence of malicious activity.
  • Provide case reporting as required across internal and external audiences with the appropriate technical level of detail for threat researchers and/or business customers.
  • Evaluate customer security programs, technologies, controls, and business environments; recommend and develop enhancements.
  • Provide recommendations on solutions to help customers manage information security risk.
  • Track emerging security practices and contribute to building internal processes and our various products.
  • Stay abreast of the current regulatory environment, industry trends and related implications.


  • Bachelor’s Degree in Computer Science, Information Security, Engineering, or other relevant subjects.
  • Minimum of 5+ years of incident response or digital forensics experience.
  • Demonstrated expert understanding of the lifecycle of network threats, attacks, attack vectors, and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures.
  • Knowledge of TCP/IP Protocols, network analysis and network/security applications, including log and network traffic capture analysis.
  • Experience with Velociraptor, Axiom, FTK, SIFT, Volatility, ELK, Wireshark, Plaso, Skadi or other open source forensic/log analysis/network analysis tools.
  • Experience with EDR tools like CrowdStrike Falcon, Carbon Black, SentinelOne, etc.
  • Knowledge of industry standard frameworks – NIST, HIPAA, PCI.
  • Self-motivated; entrepreneurial spirit; comfortable working in a fast-paced, dynamic environment.
  • Strong interpersonal communication skills (verbal & written).
  • Aptitude to learn technical concepts/terms, and ability to manage multiple tasks/projects simultaneously.
  • Experience deploying tools to AWS and familiarity with using cloud-based platforms for analysis.

Bonus Points

  • Security policy, governance, privacy or regulatory experience (e.g., NIST, ISO, HIPAA, PCI).
  • Securing cloud based platforms (Microsoft Azure, Amazon AWS, etc.).
  • Experience with system hardening procedures for Windows, Linux, Unix is helpful.
  • Knowledge and/or experience with Nmap, Nessus, Nexpose, Qualys, Burp, Kali, Metasploit, Meterpreter, or other offensive tools is helpful.
  • Knowledge of scripting for development of security tools and industry frameworks is helpful.
  • SCADA/Control systems network experience is a plus.

Why Coalition?

Coalition's culture is one that strongly values humility, authenticity, and diversity. We want to work with people of different backgrounds and different paths in life, and we trust our team members to take responsibility, share ownership and work for one another. We are always looking for collaborative, inquisitive and dedicated individuals to join our team.

Coalition Engineering

Our culture is one of character, humility, responsibility, purpose, and authenticity. We are growing rapidly and that growth is enabled by strong teamwork, communication, and mentorship. We want people who are passionate about becoming experts in both the business and the technologies that support it. Our core platform is written mostly in Python with some services in Java and Go. We prefer to use the right tool for the job and make pragmatic decisions about how to scale and de-couple systems as we continue to grow. We’re looking for someone who can navigate a cloud environment (AWS) with many moving pieces and systems to help the team understand how they fit into the broader puzzle.

**Recent press releases:**

[Coalition Closes $205 Million Series E, Valuing the Cyber Insurance Provider At More Than $3.5 Billion]( funding-and-over-3-5-billion-valuation/)

Coalition is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.


Job Summary
  • Job Title
    Incident Response Lead
  • Company
  • Location
    San Francisco, CA
  • Employment Type
    Full time