Senior Incident Response Analyst

Coalition is the world's first Active Insurance provider designed to help prevent digital risk before it strikes. Founded in 2017, Coalition combines comprehensive insurance coverage and innovative cybersecurity tools to help businesses manage and mitigate potential cyberattacks.   

Opportunities to make an impact with bold thinking are real—and happening daily at Coalition.

• →Lead end-to-end incident response engagements, from intake and scoping through evidence collection, analysis, containment, remediation guidance, and closure.
• →Perform digital forensics across endpoints, email platforms, networks, websites, and cloud services to reconstruct attacker activity and determine scope and impact.
• →Investigate Microsoft 365 and other cloud environments for account compromise, data access, mail flow abuse, and configuration weaknesses.
• →Produce clear, defensible forensic reports and executive-ready summaries that describe what happened, how it happened, and what to do next.
• →Facilitate client and counsel calls, including findings briefings, remediation recommendations, and post-incident lessons-learned discussions.
• →Contribute to Australia-specific IR processes, playbooks, and active services (such as tabletop exercises), and participate in our global follow-the-sun coverage model.

• Substantial hands-on DFIR experience, including leading complex investigations as the primary analyst and client point of contact.
• Strong technical foundation in Windows and Linux forensics, including acquisition, timeline analysis, and investigation of common attacker techniques (macOS experience a plus).
• Proven experience with Microsoft 365 email and cloud forensics, including mailbox and audit log review, OAuth and mailbox rule abuse, and common phishing/BEC scenarios.
• Ability to investigate web and application compromises, with particular familiarity with WordPress or similar CMS platforms.
• Experience working with network, perimeter, and authentication logs, as well as EDR and related security tooling, to identify and track malicious activity.
• Excellent written and verbal communication skills, with a track record of translating complex technical findings into clear guidance for non-technical stakeholders, including executives and legal counsel.
• Comfort operating in a fast-paced environment with multiple concurrent cases, balancing urgency with thoughtful, high-quality analysis and documentation.
• Familiarity with Australian privacy and regulatory requirements, and how they influence breach assessment, notification, and documentation in incident response, is strongly preferred.
• Programming or scripting experience (e.g., Python, PowerShell) to automate analysis, evidence collection, or reporting is a plus.

• Experience handling incidents in an insurance, MSSP, or DFIR consulting context, particularly in the Australian market.
• Prior experience working in a globally distributed or follow-the-sun IR team.
• Exposure to forensics and log analysis in AWS, Google Cloud, and other major SaaS platforms.
• Experience designing or delivering proactive IR offerings such as tabletop exercises, readiness assessments, or playbook development.
• Demonstrated contributions to improving DFIR processes, tooling, or automation within a prior team.

Work at Coalition is centered on the joint mission to Protect the Unprotected. We have built a remote-first, highly inclusive culture that welcomes people from diverse backgrounds. We trust each other to take responsibility, share ownership of outcomes, and put in the work together to protect businesses from digital risk. Coalition’s exceptional growth stems from its ability to address real-world problems for organizations of all sizes while remaining true to our founding values of character, humility, responsibility, purpose, authenticity, and inclusion.

We’re always looking for collaborative, inquisitive individuals to join #OurCoalition.

Visit our Newsroom > 

Coalition is committed to protecting your privacy and handling your personal information responsibly. We collect, use, and store personal information as necessary for the recruitment process and in compliance with applicable privacy laws and regulations in all regions where we operate. We want you to understand what personal information we collect, how we use it, and your rights regarding access, correction, and deletion of your data where applicable. Information submitted, collected, and processed as part of your application is subject to Coalition's Privacy Policy. For further details, please review our full Privacy Policy or contact us with any questions regarding how your information is handled.

Our Privacy Policy > 

All legitimate communication from Coalition comes from @coalitioninc.com emails, and open roles are listed only on our Careers page. We never ask for payment, banking details, or personal identification before an offer is accepted through our secure systems. If you believe you’ve been a victim of fraudulent recruiting, follow guidance from the Federal Trade Commission (FTC).

Coalition is proud to be an Equal Opportunity employer. Our policy is to provide equal employment opportunities to all individuals, without discrimination or harassment on the basis of any characteristic protected by applicable laws in each country where we operate. This commitment includes, but is not limited to, ensuring equal treatment in recruitment, selection, training, promotion, transfer, compensation, and all other aspects of employment. Coalition does not tolerate discrimination or harassment of any kind, and we are dedicated to fostering an inclusive and supportive workplace.

Coalition is committed to providing reasonable accommodations to qualified individuals with disabilities, including applicants and employees, in accordance with applicable laws and regulations in each country where we operate. Our policy is to support equal opportunity in the hiring process by considering qualified applicants regardless of disability or other protected characteristics, unless providing accommodation would impose an undue hardship or disproportionate burden. If you require accommodation to complete an application, interview, pre-employment testing, or participate in the selection process, please contact us at candidateaccommodations@coalitioninc.com. We also consider all qualified applicants, including those with criminal histories, in line with applicable laws and regulations in each jurisdiction.

To all recruitment agencies: Coalition does not accept unsolicited agency resumes. Do not forward resumes to our email alias, employees, or other physical or virtual organization locations. Coalition is not responsible for any fees related to unsolicited resumes.