Coalition

Senior Incident Response Analyst

Coalition

ApplySave Job

  • Date Posted

    Today

    New!

  • Remote Work Level

    100% Remote

  • Location

    Remote in Australiaaustralia.png

  • Job Schedule

    Full-Time

  • Salary

    We're sorry, the employer did not include salary information for this job.

  • Benefits

    Health Insurance Retirement Savings Paid Holidays Career Development

  • Categories

    Cyber SecurityConsultingInsuranceProduct ManagerProject ManagerPython

  • Job Type

    Employee

  • Career Level

    Experienced

  • Travel Required

    No specification

  • Education Level

    We're sorry, the employer did not include education information for this job.

About the Role

Title: Senior Incident Response Analyst

Location: Any location, Australia Remote

Job Description:

About us

Coalition is the world's first Active Insurance provider designed to help prevent digital risk before it strikes. Founded in 2017, Coalition combines comprehensive insurance coverage and innovative cybersecurity tools to help businesses manage and mitigate potential cyberattacks.   

Opportunities to make an impact with bold thinking are real—and happening daily at Coalition.

About the role

Coalition Incident Response (CIR) Australia is hiring a Senior Incident Response Analyst to lead high-impact digital forensics and incident response investigations for our insureds. You will guide organisations through business email compromise, ransomware, data theft, and other cyber incidents, from initial scoping through recovery and reporting. In this role, you will partner closely with the local IR Lead, external breach counsel, Coalition Claims, MDR, and our security engineering teams to help organisations navigate some of their worst days with confidence and clarity.

Responsibilities

  • Lead end-to-end incident response engagements, from intake and scoping through evidence collection, analysis, containment, remediation guidance, and closure.
  • Perform digital forensics across endpoints, email platforms, networks, websites, and cloud services to reconstruct attacker activity and determine scope and impact.
  • Investigate Microsoft 365 and other cloud environments for account compromise, data access, mail flow abuse, and configuration weaknesses.
  • Produce clear, defensible forensic reports and executive-ready summaries that describe what happened, how it happened, and what to do next.
  • Facilitate client and counsel calls, including findings briefings, remediation recommendations, and post-incident lessons-learned discussions.
  • Contribute to Australia-specific IR processes, playbooks, and active services (such as tabletop exercises), and participate in our global follow-the-sun coverage model.

Skills and Qualifications

  • Substantial hands-on DFIR experience, including leading complex investigations as the primary analyst and client point of contact.
  • Strong technical foundation in Windows and Linux forensics, including acquisition, timeline analysis, and investigation of common attacker techniques (macOS experience a plus).
  • Proven experience with Microsoft 365 email and cloud forensics, including mailbox and audit log review, OAuth and mailbox rule abuse, and common phishing/BEC scenarios.
  • Ability to investigate web and application compromises, with particular familiarity with WordPress or similar CMS platforms.
  • Experience working with network, perimeter, and authentication logs, as well as EDR and related security tooling, to identify and track malicious activity.
  • Excellent written and verbal communication skills, with a track record of translating complex technical findings into clear guidance for non-technical stakeholders, including executives and legal counsel.
  • Comfort operating in a fast-paced environment with multiple concurrent cases, balancing urgency with thoughtful, high-quality analysis and documentation.
  • Familiarity with Australian privacy and regulatory requirements, and how they influence breach assessment, notification, and documentation in incident response, is strongly preferred.
  • Programming or scripting experience (e.g., Python, PowerShell) to automate analysis, evidence collection, or reporting is a plus.

Bonus Points

  • Experience handling incidents in an insurance, MSSP, or DFIR consulting context, particularly in the Australian market.
  • Prior experience working in a globally distributed or follow-the-sun IR team.
  • Exposure to forensics and log analysis in AWS, Google Cloud, and other major SaaS platforms.
  • Experience designing or delivering proactive IR offerings such as tabletop exercises, readiness assessments, or playbook development.
  • Demonstrated contributions to improving DFIR processes, tooling, or automation within a prior team.

Perks

  • 100% medical coverage, including outpatient and emergency care
  • 20+ paid holidays
  • 12% employer pension contribution
  • Annual home office stipend
  • Mental & physical health wellness programs
  • Competitive compensation and opportunity for advancement

Why Coalition? 

Work at Coalition is centered on the joint mission to Protect the Unprotected. We have built a remote-first, highly inclusive culture that welcomes people from diverse backgrounds. We trust each other to take responsibility, share ownership of outcomes, and put in the work together to protect businesses from digital risk. Coalition’s exceptional growth stems from its ability to address real-world problems for organizations of all sizes while remaining true to our founding values of character, humility, responsibility, purpose, authenticity, and inclusion.

We’re always looking for collaborative, inquisitive individuals to join #OurCoalition.

Apply