Senior Incident Response Analyst

<div class="content-intro"><h4><span style="color: rgb(0, 0, 0);">About us</span></h4> <p>Coalition is the world's first Active Insurance provider designed to help prevent digital risk before it strikes. Founded in 2017, Coalition combines comprehensive insurance coverage and innovative cybersecurity tools to help businesses manage and mitigate potential cyberattacks.&nbsp;&nbsp;&nbsp;</p> <p>Opportunities to make an impact with bold thinking are real—and happening daily at Coalition.</p></div><h4><span style="color: rgb(0, 0, 0);">About the role</span></h4> <div><span style="color: rgb(0, 0, 0);">Coalition Incident Response (CIR) Australia is hiring a Senior Incident Response Analyst to lead high-impact digital forensics and incident response investigations for our insureds. You will guide organisations through business email compromise, ransomware, data theft, and other cyber incidents, from initial scoping through recovery and reporting. In this role, you will partner closely with the local IR Lead, external breach counsel, Coalition Claims, MDR, and our security engineering teams to help organisations navigate some of their worst days with confidence and clarity.</span></div> <h4><span style="color: rgb(0, 0, 0);">Responsibilities</span></h4> <ul> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Lead end-to-end incident response engagements, from intake and scoping through evidence collection, analysis, containment, remediation guidance, and closure.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Perform digital forensics across endpoints, email platforms, networks, websites, and cloud services to reconstruct attacker activity and determine scope and impact.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Investigate Microsoft 365 and other cloud environments for account compromise, data access, mail flow abuse, and configuration weaknesses.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Produce clear, defensible forensic reports and executive-ready summaries that describe what happened, how it happened, and what to do next.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Facilitate client and counsel calls, including findings briefings, remediation recommendations, and post-incident lessons-learned discussions.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Contribute to Australia-specific IR processes, playbooks, and active services (such as tabletop exercises), and participate in our global follow-the-sun coverage model.</span></li> </ul> <h4><span style="color: rgb(0, 0, 0);">Skills and Qualifications</span></h4> <ul> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Substantial hands-on DFIR experience, including leading complex investigations as the primary analyst and client point of contact.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Strong technical foundation in Windows and Linux forensics, including acquisition, timeline analysis, and investigation of common attacker techniques (macOS experience a plus).</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Proven experience with Microsoft 365 email and cloud forensics, including mailbox and audit log review, OAuth and mailbox rule abuse, and common phishing/BEC scenarios.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Ability to investigate web and application compromises, with particular familiarity with WordPress or similar CMS platforms.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Experience working with network, perimeter, and authentication logs, as well as EDR and related security tooling, to identify and track malicious activity.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Excellent written and verbal communication skills, with a track record of translating complex technical findings into clear guidance for non-technical stakeholders, including executives and legal counsel.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Comfort operating in a fast-paced environment with multiple concurrent cases, balancing urgency with thoughtful, high-quality analysis and documentation.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Familiarity with Australian privacy and regulatory requirements, and how they influence breach assessment, notification, and documentation in incident response, is strongly preferred.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Programming or scripting experience (e.g., Python, PowerShell) to automate analysis, evidence collection, or reporting is a plus.</span></li> </ul> <h4><span style="color: rgb(0, 0, 0);">Bonus Points</span></h4> <ul> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Experience handling incidents in an insurance, MSSP, or DFIR consulting context, particularly in the Australian market.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Prior experience working in a globally distributed or follow-the-sun IR team.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Exposure to forensics and log analysis in AWS, Google Cloud, and other major SaaS platforms.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Experience designing or delivering proactive IR offerings such as tabletop exercises, readiness assessments, or playbook development.</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Demonstrated contributions to improving DFIR processes, tooling, or automation within a prior team.</span></li> </ul> <h4><span style="color: rgb(0, 0, 0);">Perks</span></h4> <ul data-stringify-type="unordered-list" data-indent="0" data-border="0"> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">100% medical coverage, including outpatient and emergency care</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">20+ paid holidays</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">12% employer pension contribution</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Annual home office stipend</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Mental &amp; physical health wellness programs</span></li> <li style="color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">Competitive compensation and opportunity for advancement</span></li> </ul><div class="content-conclusion"><h4><span style="color: rgb(0, 0, 0);">Why Coalition?&nbsp;</span></h4> <p>Work at Coalition is centered on the joint mission to Protect the Unprotected. We have built a remote-first, highly inclusive culture that welcomes people from diverse backgrounds. We trust each other to take responsibility, share ownership of outcomes, and put in the work together to protect businesses from digital risk. Coalition’s exceptional growth stems from its ability to address real-world problems for organizations of all sizes while remaining true to our founding values of character, humility, responsibility, purpose, authenticity, and inclusion.</p> <p>We’re always looking for collaborative, inquisitive individuals to join #OurCoalition.</p> <p><a class="waffle-rich-text-link" href="https://www.coalitioninc.com/newsroom" target="_blank">Visit our Newsroom &gt;&nbsp;</a></p> <h4><span style="color: rgb(0, 0, 0);">Privacy Notice</span></h4> <p>Coalition is committed to protecting your privacy and handling your personal information responsibly. We collect, use, and store personal information as necessary for the recruitment process and in compliance with applicable privacy laws and regulations in all regions where we operate. We want you to understand what personal information we collect, how we use it, and your rights regarding access, correction, and deletion of your data where applicable. Information submitted, collected, and processed as part of your application is subject to Coalition's Privacy Policy. For further details, please review our full Privacy Policy or contact us with any questions regarding how your information is handled.</p> <p><a class="waffle-rich-text-link" href="https://www.coalitioninc.com/legal/privacy" target="_blank">Our Privacy Policy &gt;&nbsp;</a></p> <h4><strong>Safe Hiring Notice</strong></h4> <p>All legitimate communication from Coalition comes from @coalitioninc.com emails, and open roles are listed only on our <a href="https://www.coalitioninc.com/careers">Careers page</a>. We never ask for payment, banking details, or personal identification before an offer is accepted through our secure systems. If you believe you’ve been a victim of fraudulent recruiting, follow guidance from the&nbsp;<a href="https://consumer.ftc.gov/articles/what-do-if-you-were-scammed">Federal Trade Commission</a> (FTC).</p> <h4><strong>Anti-Discrimination Notice</strong></h4> <p>Coalition is proud to be an Equal Opportunity employer. Our policy is to provide equal employment opportunities to all individuals, without discrimination or harassment on the basis of any characteristic protected by applicable laws in each country where we operate. This commitment includes, but is not limited to, ensuring equal treatment in recruitment, selection, training, promotion, transfer, compensation, and all other aspects of employment. Coalition does not tolerate discrimination or harassment of any kind, and we are dedicated to fostering an inclusive and supportive workplace.</p> <h4><span style="color: rgb(0, 0, 0);">Accommodations</span></h4> <p>Coalition is committed to providing reasonable accommodations to qualified individuals with disabilities, including applicants and employees, in accordance with applicable laws and regulations in each country where we operate. Our policy is to support equal opportunity in the hiring process by considering qualified applicants regardless of disability or other protected characteristics, unless providing accommodation would impose an undue hardship or disproportionate burden. If you require accommodation to complete an application, interview, pre-employment testing, or participate in the selection process, please contact us at <a href="mailto:candidateaccommodations@coalitioninc.com" target="_blank">candidateaccommodations@coalitioninc.com</a>. We also consider all qualified applicants, including those with criminal histories, in line with applicable laws and regulations in each jurisdiction.</p> <p><span style="color: rgb(0, 0, 0);"><strong>To all recruitment agencies:</strong> Coalition does not accept unsolicited agency resumes. Do not forward resumes to our email alias, employees, or other physical or virtual organization locations. Coalition is not responsible for any fees related to unsolicited resumes.</span></p></div>