Location: United States

Employment Type: Full-time

Team: Incident Response

About Us

Founded in 2017, Coalition is on a mission to solve cyber risk and create a safer digital economy where everyone can thrive. Digital risk is now a part of every business and it’s no longer solely the domain of technical teams. That’s why we combined comprehensive insurance with proactive cybersecurity tools to help organizations stay resilient to digital risks like cyber attacks, funds transfer fraud and much more.

Our team works collaboratively across North America and Europe to prevent security failures and provide both technical and financial help when incidents do occur. Today, Coalition is the world’s largest commercial insurtech serving over 130,000 customers including many small businesses that rely on Coalition to help them chart a path forward in the new digital world.

As of September 2021, Coalition has raised $520 million from leading global technology investors as well as highly-regarded institutional investors including: Index Ventures, Ribbit Capital, Valor Ventures, Durable Capital, T. Rowe Price Advisors, and Whale Rock Capital, valuing the company at more than $3.5 billion.

Coalition has experienced tremendous growth by helping organizations of all sizes solve real-world problems and by remaining true to our founding values of character, humility, responsibility, authenticity and diversity. That’s why we are proud to be named one of Inc’s Best Places to Work in 2021.

Responsibilities

• Work under the direction of IR lead and outside counsel to conduct IR investigations
• Fulfill client requests and resolve incidents received via e-mail or internal ticketing systems in a timely and detail-oriented manner
• Manage all client interactions professionally with a strong emphasis on client satisfaction
• Analyze and assess security incidents and escalate to appropriate internal teams for additional assistance
• Triage and scope incidents for prospective clients to understand the DFIR objectives and magnitude of effort involved to satisfy objectives
• Provide strategic, relevant, and achievable recommendations to help advance the security posture of organizations during and after an incident
• Communicate effectively with clients (executives and IT) on the topics of incident type, remediation, forensics and analysis
• Perform host and network-based forensics across Windows, Mac, and Linux platforms as well as cloud environments
• Deliver high-quality written and verbal reports, recommendations, and findings to key stakeholders including clients and legal counsel
• Participate in, or work directly on additional projects, assignments, or initiatives as required
• Mentor and coach team members and work effectively as part of team unit
• Develop, evaluate and utilize novel methods to hunt for indicators of compromise and perform analysis across large sets of data
• Assist in the development of internal guidelines, playbooks and knowledge base
• Demonstrate industry thought leadership through blog posts and occasional public speaking events

Requirements

• 3-5 years of professional experience (2 years directly related to IR or functional area) or equivalent combination of education and experience
• Bachelor's degree in digital forensics, cybersecurity, computer science, information systems or similar field
• Working as part of a team in a remote matrixed consulting environment
• Incident Response: conducting or managing IR investigations for organizations, responding to opportunistic and targeted threats such as BECs, FTFs, ransomware and APTs
• Digital Forensic Analysis: a background in using different forensic analysis tools in incident response investigations to determine the extent and scope of compromise and possessing creativity and logic in approaching complex forensic problems
• Incident Remediation: strong knowledge of opportunistic and targeted attacks and ability to generate customized strategic and tactical remediation plans for clients
• Network Forensic Analysis: strong knowledge of networking protocols, network analysis tools, and ability to perform analysis of associated network logs
• SOC and EDR: experience with EDR solutions and leveraging detections and analytics to mitigate threats appropriately
• Possessing an understanding of secure network architecture and a strong knowledge of networking fundamentals
• Cloud Incident Response: knowledge in AWS, Azure, GCP incident response strategies

Additional Requirements

• Excellent problem-solving skills with the ability to diagnose and troubleshoot technical issues
• Customer oriented with a strong interest in client satisfaction
• Ability to learn new technologies and concepts quickly, and comfortable using command-line interfaces
• Capable of leading teams of highly motivated analysts
• Communicate highly technical information to a non-technical audience
• Ability to handle and work with clients through high stress situations
• Proficiency in project management
• Foster a positive work environment and attitude
• Flexibility with your work schedule in times of urgent response needs
• Contribute to thought leadership within the DFIR industry

Bonus Points

• GCIH, GCIA, GCFA, GCFE, ACE, EnCE, CFCE, CISSP, or similar

Why Coalition?

Coalition's culture is one that strongly values humility, authenticity, and diversity. We want to work with people of different backgrounds and different paths in life, and we trust our team members to take responsibility, share ownership and work for one another. We are always looking for collaborative, inquisitive and dedicated individuals to join our team.

**Recent press releases: **

[Coalition Closes $205 Million Series E, Valuing the Cyber Insurance Provider At More Than $3.5 Billion](https://pulse2.com/coalition-205-million-series-e- funding-and-over-3-5-billion-valuation/)

Coalition is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

#LI-REMOTE