Incident Response Lead

Canada - remote /
Incident Response – Incident Response /
About Us:

Coalition is the leading provider of cyber insurance and security, combining comprehensive insurance and proactive cybersecurity tools to help businesses manage and mitigate cyber risk. Coalition’s unique product offerings combine best-in-class insurance and proactive cybersecurity tools to help keep businesses safe. Cyber losses cost the global economy upwards of $1.5 trillion each year, and yet the majority of businesses are under-insured and under-prepared to manage and mitigate the risks of an increasingly digital world. Coalition is addressing this gap by providing no-cost cybersecurity tools to prevent losses, security and incident response services to contain them, and comprehensive cyber insurance to help organizations recover. We have over 25,000 customers, ranging from small and mid-sized businesses to Fortune 500 companies. 

Founded in 2017, Coalition has raised $125M from a number of top tier global investment firms including Ribbit Capital, Greenoaks Capital, Valor Equity Partners, Felicis Ventures, and Vy Capital.  Headquartered in San Francisco, Coalition’s team is distributed across more than 15 locations globally, including Austin, Washington DC, Denver, Canada and Portugal.

About the role:

Our team is composed of bright minds across many cybersecurity domains, with expertise in Incident Response, Threat Intelligence, Security Architecture, Cyber Risk Management, Security Strategy, Controls, Compliance, and Governance. As an Incident Response Lead your mandate is to protect our customers from loss.  As a part of this mandate you might find yourself investigating data breaches and claims events, leading incident response efforts with our clients and partners, in addition to working across our client base on topics ranging from security architecture and cloud security to data protection and compliance.  We need you to be a self-starter, confident with clients.  You will need to be able to investigate a ransomware or business email compromise case from scoping to report delivery with minimal support.


    • Lead incident response engagements to guide our customers through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations.
    • Investigate customer data breaches and malicious activity leveraging forensics tools; analyze Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs); examine firewall, web, database, and other log sources to identify evidence of malicious activity.
    • Provide case reporting as required across internal and external audiences with the appropriate technical level of detail for threat researchers and/or business customers.
    • Evaluate customer security programs, technologies, controls, and business environments; recommend and develop enhancements.
    • Provide recommendations on solutions to help customers manage information security risk.
    • Track emerging security practices and contribute to building internal processes, and our various products.
    • Stay abreast of the current regulatory environment, industry trends and related implications.


    • Bachelor’s Degree in Computer Science, Information Security, Engineering, or other relevant subjects.
    • Minimum of 5+ years of incident response or digital forensics experience.
    • Demonstrated expert understanding of the lifecycle of network threats, attacks, attack vectors, and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures.
    • Knowledge of TCP/IP Protocols, network analysis and network/security applications, including log and network traffic capture analysis.
    • Experience with Axiom (desired), FTK, SIFT, Volatility, ELK, WireShark, Plaso, Velociraptor, Skadi or other open source forensic/log analysis/network analysis tools.
    • Experience with EDR tools like CrowdStrike Falcon, Carbon Black, Sentinel One, etc.
    • Knowledge of industry standard frameworks – NIST, HIPAA, PCI.
    • Self-motivated; entrepreneurial spirit; comfortable working in a fast-paced, dynamic environment.
    • Strong interpersonal communication skills (verbal & written).
    • Aptitude to learn technical concepts/terms, and ability to manage multiple tasks/projects simultaneously.
    • Experience deploying tools to AWS and familiarity using Cloud based platform for analysis.

Bonus Points

    • Security policy, governance, privacy or regulatory experience (e.g., NIST, ISO, HIPAA, PCI).
    • Securing cloud based platforms (Microsoft Azure, Amazon AWS, etc.). Experience with system hardening procedures for Windows, Linux, Unix is helpful.
    • Knowledge and/or experience with Nmap, Nessus, Nexpose, Qualys, Burp, Kali, Metasploit, Meterpreter, or other offensive tools is helpful.
    • Knowledge of scripting for development of security tools and industry frameworks is helpful.
    • SCADA/Control systems network experience a plus.


    • Enjoy a highly fulfilling, mission-driven culture
    • Health, dental, and vision benefits for you and your family
    • Life insurance and disability benefits
    • Paid Parental Leave
    • 401(k) plan
    • Wellness and commuter benefits
    • Flexible working hours
    • Open vacation days
    • We embrace distributed work; some benefits will vary by location
    • You are an owner! We offer stock options to each of our employees 
    • More details at
Why Coalition?

 We are all here to build something we believe in and to make a company that will last. We’re also assembling a team of expert incident responders, threat and malware researchers, and security analysts to protect our customers before, during, and after a cyber incident. Our goal is to harness the power of technology with the safety of insurance, to provide the first holistic solution to cyber risk. Coalition's culture is one that strongly values humility, authenticity, and diversity. We want to work with people of different backgrounds and different paths in life, and we trust our team members to take responsibility, share ownership and work for one another. We are always looking for collaborative, inquisitive and dedicated individuals to join our team.
Recent press releases:
Coalition is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.