Coalition is the world's first Active Insurance provider designed to help prevent digital risk before it strikes. Founded in 2017, Coalition combines comprehensive insurance coverage and innovative cybersecurity tools to help businesses manage and mitigate potential cyberattacks.
Opportunities to make an impact with bold thinking are real—and happening daily at Coalition.
- Lead digital forensics and incident response investigations from initial scoping through recovery, reporting, and case closure.
- Analyze cloud, email, endpoint, network, and web artifacts to reconstruct attacker activity and determine scope and impact.
- Produce clear forensic reports and present findings to insureds, counsel, brokers, and internal stakeholders.
- Coordinate response efforts with cross-functional partners, including CIR, Claims, MDR, security engineering, and external vendors.
- Improve CIR UK playbooks, operating procedures, and proactive services such as tabletop exercises.
- Support follow-the-sun response coverage by contributing to North American and Australian cases during UK business hours.
- You have substantial hands-on DFIR experience and can independently lead investigations with sound judgment and clear ownership.
- You bring strong Windows and Linux forensics skills, with the ability to collect, analyze, and explain evidence in a defensible way.
- You have deep experience investigating Microsoft 365, email compromise, and cloud-based attack activity.
- You can analyze logs and telemetry across networks, perimeter technologies, EDR platforms, and other security tools to build accurate incident timelines.
- You are comfortable communicating with both technical and non-technical audiences, including presenting findings and recommendations clearly under pressure.
- You work effectively across teams and know how to partner with internal stakeholders, external counsel, vendors, and customers during fast-moving incidents.
- You can balance investigative depth with practical business needs, helping organizations make informed decisions during high-stress situations.
- You are motivated by building repeatable processes, sharing lessons learned, and improving how incident response is delivered over time.
- Experience with macOS forensics.
- Experience with website forensics, especially WordPress or similar platforms.
- Familiarity with forensic investigations in AWS, Google Cloud, or other major cloud environments.
- Understanding of UK privacy or regulatory considerations and how they affect incident response decision-making.
- Experience with scripting or automation to improve forensic workflows and operational efficiency.
- 100% medical coverage, including outpatient care
- Life insurance
- 25+ paid holidays
- Annual home office stipend
- 7% employer pension contribution
- Mental and physical health wellness programs like Headspace, Wellhub
- Competitive compensation and opportunity for advancement
Work at Coalition is centered on the joint mission to Protect the Unprotected. We have built a remote-first, highly inclusive culture that welcomes people from diverse backgrounds. We trust each other to take responsibility, share ownership of outcomes, and put in the work together to protect businesses from digital risk. Coalition’s exceptional growth stems from its ability to address real-world problems for organizations of all sizes while remaining true to our founding values of character, humility, responsibility, purpose, authenticity, and inclusion.
We’re always looking for collaborative, inquisitive individuals to join #OurCoalition.
Visit our Newsroom >
Privacy NoticeCoalition is committed to protecting your privacy and handling your personal information responsibly. We collect, use, and store personal information as necessary for the recruitment process and in compliance with applicable privacy laws and regulations in all regions where we operate. We want you to understand what personal information we collect, how we use it, and your rights regarding access, correction, and deletion of your data where applicable. Information submitted, collected, and processed as part of your application is subject to Coalition's Privacy Policy. For further details, please review our full Privacy Policy or contact us with any questions regarding how your information is handled.
Our Privacy Policy >
Safe Hiring NoticeAll legitimate communication from Coalition comes from @coalitioninc.com emails, and open roles are listed only on our Careers page. We never ask for payment, banking details, or personal identification before an offer is accepted through our secure systems. If you believe you’ve been a victim of fraudulent recruiting, follow guidance from the Federal Trade Commission (FTC).
Anti-Discrimination NoticeCoalition is proud to be an Equal Opportunity employer. Our policy is to provide equal employment opportunities to all individuals, without discrimination or harassment on the basis of any characteristic protected by applicable laws in each country where we operate. This commitment includes, but is not limited to, ensuring equal treatment in recruitment, selection, training, promotion, transfer, compensation, and all other aspects of employment. Coalition does not tolerate discrimination or harassment of any kind, and we are dedicated to fostering an inclusive and supportive workplace.
AccommodationsCoalition is committed to providing reasonable accommodations to qualified individuals with disabilities, including applicants and employees, in accordance with applicable laws and regulations in each country where we operate. Our policy is to support equal opportunity in the hiring process by considering qualified applicants regardless of disability or other protected characteristics, unless providing accommodation would impose an undue hardship or disproportionate burden. If you require accommodation to complete an application, interview, pre-employment testing, or participate in the selection process, please contact us at [email protected]. We also consider all qualified applicants, including those with criminal histories, in line with applicable laws and regulations in each jurisdiction.
To all recruitment agencies: Coalition does not accept unsolicited agency resumes. Do not forward resumes to our email alias, employees, or other physical or virtual organization locations. Coalition is not responsible for any fees related to unsolicited resumes.
Skills Required
- Hands-on DFIR experience
- Windows and Linux forensics skills
- Experience with Microsoft 365 and cloud-based attacks
- Ability to analyze logs and telemetry
- Strong communication skills for technical and non-technical audiences
- Experience coordinating with internal and external teams
Coalition Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Coalition and has not been reviewed or approved by Coalition.
-
Strong & Reliable Incentives — Incentive structures are described as performance-based, including profit sharing and mechanisms that can materially boost earnings for high performers. Feedback suggests these incentives meaningfully augment base pay for those who excel.
-
Healthcare Strength — Health coverage is positioned as comprehensive for employees, complemented by wellness resources and accounts that support medical spending. Feedback suggests this breadth of coverage enhances overall perceived total rewards.
-
Flexible Benefits — Remote-first flexibility, home office support, and access to coworking spaces complement core compensation. Feedback suggests these benefits contribute to work-life balance and increase the value of the total package.
Coalition Insights
What We Do
Coalition is the leading provider of cyber insurance and security, combining comprehensive insurance and proactive cybersecurity tools to help businesses manage and mitigate cyber risk. Coalition’s unique product offerings combine best-in-class insurance and proactive cybersecurity tools to help keep businesses safe.
