Incident Response Lead

Coalition Inc

United States

Remote

USD 130,000 - 201,000

Full time

2 days ago

Job summary

Join a forward-thinking company as an Incident Response Lead, where your expertise will protect clients from digital threats. In this role, you'll guide teams through complex investigations, ensuring robust incident response and compliance with industry standards. Collaborate with a diverse team of cybersecurity professionals and engage in proactive advisory engagements that make a real impact. This innovative firm values inclusivity and offers a remote-first culture, competitive compensation, and comprehensive benefits, making it an exciting place to advance your career in cybersecurity.

Benefits

100% medical, dental and vision coverage
Flexible PTO policy
Annual home office stipend
WeWork access
Mental & physical health wellness programs

Qualifications

  • 5+ years of incident response or digital forensics experience.
  • Ability to communicate complex technical concepts to non-technical stakeholders.
  • Familiarity with regulatory frameworks like NIST, HIPAA, and PCI.

Responsibilities

  • Drive incident response engagements and guide customers through investigations.
  • Conduct comprehensive cybersecurity assessments and provide actionable recommendations.
  • Lead tabletop exercises to enhance client incident response preparedness.

Skills

Incident Response
Digital Forensics
Cybersecurity Assessments
Security Architecture
Analytical Skills
Project Management
Regulatory Knowledge
Consultative Approach

Education

Bachelor’s Degree in Computer Science

Tools

Velociraptor
Axiom
FTK
SIFT
Volatility
ELK
Wireshark
Nmap
Nessus
CrowdStrike Falcon

Job description

About the role

As an Incident Response Lead, your mandate is to protect our customers from loss by guiding teams of incident responders in digital forensics and incident response engagements with a wide variety of consumers. As part of this mandate, you will assist Coalition’s consumers through data breaches and claims events, guiding incident response efforts with our consumers and partners. You will own engagement planning, implementation, and communication, guiding and advising customers and their legal counsel. Incident Response Leads are also asked to provide advice on topics ranging from security architecture and cloud security to data protection and compliance.

Our team is composed of bright minds across many cybersecurity domains, with expertise in Incident Response, Threat Intelligence, Security Architecture, Cyber Risk Management, Security Strategy, Controls, Compliance, and Governance. We need you to be a self-starter, assured with consumers, and passionate about customer service. You will need to be able to drive the investigation of ransomware and business email compromise cases from scoping to report delivery.

Responsibilities
  • Drive incident response engagements to guide our customers through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations.
  • Coordinate and guide incident response assistance from team members and vendors.
  • Investigate customer data breaches and malicious activity leveraging forensics tools; analyze Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs); examine firewall, web, database, and other log sources to identify evidence of malicious activity.
  • Lead proactive cybersecurity advisory and consulting engagements such as:
      • Tabletop Exercises: lead and facilitate tabletop exercises designed to simulate real-world cyber incidents, helping clients enhance their incident response preparedness and resilience.
      • Assessments: conduct comprehensive cybersecurity assessments to evaluate clients' security postures, identify vulnerabilities, and provide actionable recommendations for improvement.
      • Documentation Reviews: evaluate and refine clients' incident response plans, policies, and procedures to ensure they align with industry best practices and regulatory requirements.
  • Strategic Guidance and Client Engagement:
      • Advisory Role: Provide strategic guidance to clients on enhancing their security architectures, cloud security strategies, and compliance frameworks such as NIST, HIPAA, and PCI.
      • Long-Term Remediation: Beyond immediate incident containment, collaborate with clients to develop and implement longer-term remediation strategies to strengthen their security postures.
      • Process Enhancement: Contribute to the refinement and improvement of internal processes, methodologies, and service offerings based on your consulting insights and industry expertise.
  • Provide case reporting as required across internal and external audiences with the appropriate technical level of detail for threat researchers and/or business customers.
  • Evaluate customer security programs, technologies, controls, and business environments; recommend and develop enhancements.
  • Provide recommendations on solutions to help customers navigate information security risk.
  • Track emerging security practices and contribute to building internal processes and our various products.
  • Stay abreast of the current regulatory environment, industry trends and related implications.
Skills and Qualifications
  • Bachelor’s Degree in Computer Science, Information Security, Engineering, or other relevant subjects.
  • Minimum of 5+ years of incident response or digital forensics experience.
  • Demonstrated practiced knowledge of the lifecycle of network threats, attacks, attack vectors, and methods of exploitation with a knowledge of intrusion set tactics, techniques, and procedures.
  • Consultative Approach: Ability to effectively communicate complex technical concepts to non-technical stakeholders and provide actionable recommendations.
  • Analytical Skills: Proficiency in analyzing security programs, technologies, and environments to identify gaps and recommend enhancements.
  • Regulatory Knowledge: Familiarity with regulatory requirements and frameworks (e.g., NIST, HIPAA, PCI) is essential for advising clients on compliance issues.
  • Project Management: Experience managing multiple projects simultaneously, from initial scoping through to final deliverables, ensuring high-quality results and client satisfaction.
  • Knowledge of TCP/IP Protocols, network assessment and network/security applications, including log and network traffic capture assessment.
  • Experience with Velociraptor, Axiom, FTK, SIFT, Volatility, ELK, Wireshark, Plaso, Skadi or other open source forensic/log analysis/network assessment tools.
  • Experience with EDR tools like CrowdStrike Falcon, Carbon Black, SentinelOne, etc.
  • Knowledge of industry standard frameworks – NIST, HIPAA, PCI.
  • Self-motivated; entrepreneurial spirit; comfortable working in a dynamic environment.
  • Aptitude to learn technical concepts/terms, and aptitude to guide multiple tasks/projects simultaneously.
  • Experience deploying tools to AWS and familiarity with using cloud-based platforms for assessment.
Bonus Points
  • Security policy, governance, privacy or regulatory experience (e.g., NIST, ISO, HIPAA, PCI).
  • Experience with system hardening procedures for Windows, Linux, Unix is helpful.
  • Knowledge and/or experience with Nmap, Nessus, Nexpose, Qualys, Burp, Kali, Metasploit, Meterpreter, or other offensive tools is helpful.
  • Knowledge of scripting for development of security tools and industry frameworks is helpful.
  • SCADA/Control systems network experience is a plus.
Compensation

Our compensation reflects the cost of labor across several US geographic markets. The US base salary for this position ranges from $130,000/year in our lowest geographic market up to $201,000/year in our highest geographic market. Consistent with applicable laws, an employee's pay within this range is based on a number of factors, which include but are not limited to relevant education, skills, job-related knowledge, qualifications, work experience, credentials, and/or geographic location. Your recruiter can share more on target salary for your location during the interview process. Coalition, Inc. reserves the right to modify this range as needed.

  • 100% medical, dental and vision coverage
  • Flexible PTO policy
  • Annual home office stipend and WeWork access
  • Mental & physical health wellness programs (One Medical, Headspace, Wellhub, and more)!
  • Competitive compensation and opportunity for advancement
Why Coalition?

Work at Coalition is centered on the joint mission to Protect the Unprotected. We have built a remote-first, highly inclusive culture that welcomes people from diverse backgrounds. We trust each other to take responsibility, share ownership of outcomes, and put in the work together to protect businesses from digital risk. Coalition’s exceptional growth stems from its ability to address real-world problems for organizations of all sizes while remaining true to our founding values of character, humility, responsibility, purpose, authenticity, and inclusion.

We’re always looking for collaborative, inquisitive individuals to join #OurCoalition.

Coalition is committed to protecting your privacy and handling your personal information responsibly. We collect, use, and store personal information as necessary for the recruitment process and in compliance with applicable privacy laws and regulations in all regions where we operate. We want you to understand what personal information we collect, how we use it, and your rights regarding access, correction, and deletion of your data where applicable. Information submitted, collected, and processed as part of your application is subject to Coalition's Privacy Policy. For further details, please review our full Privacy Policy or contact us with any questions regarding how your information is handled.

Coalition is proud to be an Equal Opportunity employer. Our policy is to provide equal employment opportunities to all individuals, without discrimination or harassment on the basis of any characteristic protected by applicable laws in each country where we operate. This commitment includes, but is not limited to, ensuring equal treatment in recruitment, selection, training, promotion, transfer, compensation, and all other aspects of employment. Coalition does not tolerate discrimination or harassment of any kind, and we are dedicated to fostering an inclusive and supportive workplace.

Accommodations

Coalition is committed to providing reasonable accommodations to qualified individuals with disabilities, including applicants and employees, in accordance with applicable laws and regulations in each country where we operate. Our policy is to support equal opportunity in the hiring process by considering qualified applicants regardless of disability or other protected characteristics, unless providing accommodation would impose an undue hardship or disproportionate burden. If you require accommodation to complete an application, interview, pre-employment testing, or participate in the selection process, please contact us at candidateaccommodations@coalitioninc.com. We also consider all qualified applicants, including those with criminal histories, in line with applicable laws and regulations in each jurisdiction.

To all potential candidates: Coalition primarily does not use third-party recruiting services. Potential candidates will only be contacted by Coalition, Inc. during the recruitment process. You can always verify any opportunity on our official careers page http://www.coalitioninc.com/careers.

To all recruitment agencies: Coalition does not accept unsolicited agency resumes. Do not forward resumes to our email alias, employees, or other physical or virtual organization locations. Coalition is not responsible for any fees related to unsolicited resumes.
