Senior Incident Response Analyst
External
Coalition · Any Location, UKPrepare for this interview
EliteAI-generated questions, company research, and talking points tailored to this role
About the role
Coalition is the world's first Active Insurance provider designed to help prevent digital risk before it strikes. Founded in 2017, Coalition combines comprehensive insurance coverage and innovative cybersecurity tools to help businesses manage and mitigate potential cyberattacks. Opportunities to make an impact with bold thinking are real-and happening daily at Coalition. Coalition Incident Response (CIR) UK is hiring a Senior DFIR Analyst to lead digital forensics and incident response investigations for policyholders facing active cyber incidents. In this role, you will investigate threats such as business email compromise, ransomware, data theft, and web compromise, helping organizations move from uncertainty to clear, defensible next steps. You will work closely with the UK IR Lead and cross-functional partners across Claims, MDR, security engineering, and external counsel to deliver high-quality incident response in the UK and across Coalition's global coverage model.
Responsibilities
- Lead digital forensics and incident response investigations from initial scoping through recovery, reporting, and case closure.
- Analyze cloud, email, endpoint, network, and web artifacts to reconstruct attacker activity and determine scope and impact.
- Produce clear forensic reports and present findings to insureds, counsel, brokers, and internal stakeholders.
- Coordinate response efforts with cross-functional partners, including CIR, Claims, MDR, security engineering, and external vendors.
- Improve CIR UK playbooks, operating procedures, and proactive services such as tabletop exercises.
- Support follow-the-sun response coverage by contributing to North American and Australian cases during UK business hours.
Requirements
- You have substantial hands-on DFIR experience and can independently lead investigations with sound judgment and clear ownership.
- You bring strong Windows and Linux forensics skills, with the ability to collect, analyze, and explain evidence in a defensible way.
- You have deep experience investigating Microsoft 365, email compromise, and cloud-based attack activity.
- You can analyze logs and telemetry across networks, perimeter technologies, EDR platforms, and other security tools to build accurate incident timelines.
- You are comfortable communicating with both technical and non-technical audiences, including presenting findings and recommendations clearly under pressure.
- You work effectively across teams and know how to partner with internal stakeholders, external counsel, vendors, and customers during fast-moving incidents.
- You can balance investigative depth with practical business needs, helping organizations make informed decisions during high-stress situations.
- You are motivated by building repeatable processes, sharing lessons learned, and improving how incident response is delivered over time.
- Bonus Points
- Experience with macOS forensics.
- Experience with website forensics, especially WordPress or similar platforms.
- Familiarity with forensic investigations in AWS, Google Cloud, or other major cloud environments.
- Understanding of UK privacy or regulatory considerations and how they affect incident response decision-making.
- Experience with scripting or automation to improve forensic workflows and operational efficiency.
Benefits
Your Match
How well this role fits your profile.
Company Intel
What employees say
Worked at coalition? Share your experience