Your browser cookies must be enabled in order to apply for this job. Please contact if you need further instruction on how to do that.

Security Advisory/Incident Response Lead (all offices)

Security | San Francisco, CA | Full Time

Job Description

About Us:

Coalition's mission is to solve cyber risk. We provide cybersecurity tools and up to $10M of insurance coverage to help businesses remain resilient in the face of pervasive and dynamic cyber and technological risks. Our cyber risk management platform encompasses insurance, threat intelligence, patch and vulnerability scanning, DDoS mitigation, ransomware protection, and more. Coalition’s team of engineers, security researchers, incident responders, and insurance personnel protect customers before, during, and after cyber incidents. Our insurance products are backed by Swiss Re, one of the world’s largest (re)insurers, and Argo Group. We are based in San Francisco, although you'll find some of our team in more exotic places.

If you enjoy solving problems at scale (with lots riding on it) we hope you'll consider joining us.

About the role:

The Coalition team is comprised of bright minds across many cybersecurity domains, with expertise in Incident Response, Threat Intelligence, Security Architecture, Cyber Risk Management, Security Strategy, Controls, Compliance, and Governance. As the Security Advisory / Incident Response Lead your mandate is to protect our customers from loss.  As a part of this mandate you might find yourself investigating data breaches and claims events, leading incident response efforts with our clients and partners, conducting security gap analysis assessments, assisting with penetration testing / red-team assessments, or otherwise working across our client base on topics ranging from security architecture and cloud security, to data protection and compliance.  

You will also have an opportunity to work with our product team to codify security best practices into our underwriting algorithms, rating models, and risk management apps.


  • Lead incident response engagements to guide our customers through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations.
  • Investigate customer data breaches and malicious activity leveraging forensics tools; analyze Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs); examine firewall, web, database, and other log sources to identify evidence of malicious activity
  • Evaluate customer security programs, technologies, controls, and business environments; recommend and develop enhancements
  • Assist with developing Information Security Plans and Policies, including those for Incident Response, customized to customer requirements and risk profile.
  • Provide recommendations on solutions to help customers manage information security risk.
  • Track emerging security practices and contribute to building internal processes, and our various products.
  • Stay abreast of the current regulatory environment, industry trends and related implications.


  • Bachelor’s Degree in Computer Science, Information Security, Engineering, or other relevant subjects.
  • Minimum of 2-4 years of incident response or digital forensics experience.
  • Demonstrated expert understanding of the life cycle of network threats, attacks, attack vectors, and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures. 
  • Knowledge of TCP/IP Protocols, network analysis and network/security applications, including log and network traffic capture analysis.
  • Experience with EnCase, FTK, SIFT, Volatility, Splunk, Graylog, ELK/Logstash, WireShark, TCPDump, or other open source forensic/log analysis/network analysis tools.
  • Knowledge of industry standard frameworks – NIST, ISO, HIPAA, PCI.
  • Self-motivated; entrepreneurial spirit; comfortable working in a fast-paced, dynamic environment.
  • Strong interpersonal communication skills (verbal & written).
  • Aptitude to learn technical concepts/terms, and ability to manage multiple tasks/projects simultaneously.

Bonus Points:

  • Security policy, governance, privacy or regulatory experience (e.g., NIST, ISO, HIPAA, PCI).
  • Securing cloud based platforms (Microsoft Azure, Amazon AWS, etc.). Experience with system hardening procedures for Windows, Linux, Unix is helpful. 
  • Knowledge and/or experience with Nmap, Nessus, Nexpose, Qualys, Burp, Kali, Metasploit, Meterpreter, Kismet, Aircrack-ng is helpful.
  • Knowledge of programming and scripting for development of security tools and industry frameworks is helpful.
  • SCADA / Control systems network experience a plus.


  • We have lots.  Check them out on our site


  • We are open to hiring a qualified candidate in any of our offices (SF, Washington DC, Boulder).  Qualified remote candidates are also welcome to apply.


Coalition is a security company. A successful background check is required for employment.

Coalition hires the best people based on an evaluation of their abilities and effectiveness. We do not discriminate against employees on the basis of any other personal characteristic or any classification protected by federal, state, or local law.