Senior Incident Response Analyst

About us

Coalition is the world's first Active Insurance provider designed to help prevent digital risk before it strikes. Founded in 2017, Coalition combines comprehensive insurance coverage and innovative cybersecurity tools to help businesses manage and mitigate potential cyberattacks.   

Opportunities to make an impact with bold thinking are real—and happening daily at Coalition.

About the role

Responsibilities

• Lead digital forensics and incident response investigations from initial scoping through recovery, reporting, and case closure.


• Analyze cloud, email, endpoint, network, and web artifacts to reconstruct attacker activity and determine scope and impact.


• Produce clear forensic reports and present findings to insureds, counsel, brokers, and internal stakeholders.


• Coordinate response efforts with cross-functional partners, including CIR, Claims, MDR, security engineering, and external vendors.


• Improve CIR UK playbooks, operating procedures, and proactive services such as tabletop exercises.


• Support follow-the-sun response coverage by contributing to North American and Australian cases during UK business hours.

Skills and Qualifications

• You have substantial hands-on DFIR experience and can independently lead investigations with sound judgment and clear ownership.


• You bring strong Windows and Linux forensics skills, with the ability to collect, analyze, and explain evidence in a defensible way.


• You have deep experience investigating Microsoft 365, email compromise, and cloud-based attack activity.


• You can analyze logs and telemetry across networks, perimeter technologies, EDR platforms, and other security tools to build accurate incident timelines.


• You are comfortable communicating with both technical and non-technical audiences, including presenting findings and recommendations clearly under pressure.


• You work effectively across teams and know how to partner with internal stakeholders, external counsel, vendors, and customers during fast-moving incidents.


• You can balance investigative depth with practical business needs, helping organizations make informed decisions during high-stress situations.


• You are motivated by building repeatable processes, sharing lessons learned, and improving how incident response is delivered over time.

Bonus Points 

• Experience with macOS forensics.


• Experience with website forensics, especially WordPress or similar platforms.


• Familiarity with forensic investigations in AWS, Google Cloud, or other major cloud environments.


• Understanding of UK privacy or regulatory considerations and how they affect incident response decision-making.


• Experience with scripting or automation to improve forensic workflows and operational efficiency.

Perks

• 100% medical coverage, including outpatient care


• Life insurance 


• 25+ paid holidays


• Annual home office stipend


• 7% employer pension contribution


• Mental and physical health wellness programs like Headspace, Wellhub


• Competitive compensation and opportunity for advancement


•