Incident Response Lead (Canada)

About Us

Coalition is the world's first Active Insurance provider designed to help prevent digital risk before it strikes. Founded in 2017, Coalition combines broad insurance coverage with a digital risk assessment and continuous security monitoring to help organizations protect themselves in today’s hyper-connected world.

Coalition offers its Active Insurance products in the U.S., U.K., and Canada through relationships with leading global insurers including Allianz, Arch Insurance, Lloyd’s of London, Swiss Re and Zurich, as well as cyber capacity through its own carrier, Coalition Insurance Company. Coalition's Active Risk Platform provides automated security alerts, threat intelligence, expert guidance, and cybersecurity tools to help businesses worldwide remain resilient against cyber attacks.

Coalition comprises a team of cybersecurity and technology experts, as well as experienced insurance professionals, who have come together to build a world-class organization with a massive technological advantage. Our secret sauce is bringing these expertise together to create a world-class organization with one mission: to protect the unprotected as the world digitizes. Today, Coalition is one of the world’s largest commercial insurtechs serving hundreds of thousands of customers worldwide.

Since its founding, Coalition has raised $755 million in equity funding, including $250 million in June 2022, affirming its ability to deliver profitable growth and cementing its position as a long-term business with a clear competitive advantage.

Coalition’s exceptional growth stems from its ability to address real-world problems for organizations of all sizes, and by remaining true to our founding values of character, humility, responsibility, purpose, authenticity and inclusion. We are proud to have been named among Inc.’s Best Workplaces in 2021 and 2023, and one of Fast Company’s Most Innovative Companies in 2022.

Responsibilities

• Drive incident response engagements to guide our customers through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations.
• Track emerging security practices and contribute to building internal processes, and our various products.
• Evaluate customer security programs, technologies, controls, and business environments; recommend and develop enhancements.
• Coordinate and guide incident response assistance from team members and vendors
• Investigate customer data breaches and malicious activity leveraging forensics tools; analyze Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs); examine firewall, web, database, and other log sources to identify evidence of malicious activity.
• Stay abreast of the current regulatory environment, industry trends and related implications.
• Provide recommendations on solutions to help customers navigate information security risk.
• Provide case reporting as required across internal and external audiences with the appropriate technical level of detail for threat researchers and/or business customers.

Skills And Qualifications

• 5+ years of incident response or digital forensics experience.
• Aptitude to learn technical concepts/terms, and aptitude to guide multiple tasks/projects simultaneously.
• Demonstrated practiced knowledge of the lifecycle of network threats, attacks, attack vectors, and methods of exploitation with a knowledge of intrusion set tactics, techniques, and procedures.
• Experience with EDR tools like CrowdStrike Falcon, Carbon Black, Sentinel One, etc.
• Strong interactive communication skills (verbal & written).
• Knowledge of TCP/IP Protocols, network assessment and network/security applications, including log and network traffic capture assessment.
• Bachelor’s Degree in Computer Science, Information Security, Engineering, or other relevant subjects.
• Experience with Velociraptor, Axiom, FTK, SIFT, Volatility, ELK, WireShark, Plaso, Skadi or other open source forensic/log analysis/network assessment tools.
• Self-motivated; entrepreneurial spirit; comfortable working in a dynamic environment.
• Knowledge of industry standard frameworks – NIST, HIPAA, PCI.
• Experience deploying tools to AWS and familiarity using Cloud based platform for assessment.

Additional Skills And Qualifications

• Knowledge in project management
• Contribute to thought guidance within the DFIR industry
• Experience to learn new technologies and concepts and comfortable using command-line interfaces
• Experience to handle and work with consumers through high priority scenarios
• Customer oriented with a strong interest in consumer satisfaction
• Flexibility with your work schedule in times of urgent response needs
• Experience guiding teams of highly motivated analysts
• Excellent critical thinking skills with the experience to diagnose and troubleshoot technical issues
• Communicate highly technical information to a non-technical audience
• Foster a positive work environment and attitude

Bonus Points

• Securing cloud based platforms (Microsoft Azure, Amazon AWS, etc.).
• GCIH, GCIA, GCFA, GCFE, ACE, EnCE, CFCE, CISSP, or similar
• Security policy, governance, privacy or regulatory experience (e.g., NIST, ISO, HIPAA, PCI).
• Experience with system hardening procedures for Windows, Linux, Unix is helpful. Knowledge and/or experience with Nmap, Nessus, Nexpose, Qualys, Burp, Kali, Metasploit, Meterpreter, or other offensive tools is helpful.
• SCADA/Control systems network experience is a plus.
• Knowledge of scripting for development of security tools and industry frameworks is helpful.

Why Coalition?

We’re a highly fulfilling, mission-driven team who is committed to building a more diverse and inclusive culture. We want to work with people of all different backgrounds and paths in life, and we trust our team members to take responsibility, share ownership and put in the work, no matter how small the task. We are always looking for collaborative, inquisitive and dedicated individuals to join #OurCoalition and help us on our mission to solve digital risk.

Recent press releases:

To learn more, check out our featured press releases:

• Coalition launches tech-powered executive risks products with personalized risk assessment for all US small-businesses
• Coalition Launches Active Insurance, Reaches $650M Run Rate GWP
• Coalition Named to Fast Company’s Annual List of of the World’s Most Innovative Companies for 2022
• Coalition Closes $250 Million in Series F Funding, Valuing the Cyber Insurance Provider at $5 Billion

Coalition's very foundation is built on respecting and encouraging diversity and inclusion across the organization. Coalition is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

Coalition is committed to ensuring that our hiring process is accessible for persons with disabilities. If you have a disability or limitation, such as those covered by the Americans with Disabilities Act, that requires accommodations to assist you in the search and application process, please email us at [email protected].

For CA residents, please view important privacy information here. For EU residents, you can view GDPR information here. For any questions regarding CCPA or GDPR, please contact us at [email protected].