Incident Response Lead

Summary

Join Coalition, a leading Active Insurance provider, and become a key member of our team. Drive incident response engagements, guiding customers through forensic investigations and remediation. Investigate data breaches, analyze systems, and provide comprehensive case reporting. Evaluate customer security programs and recommend enhancements. Contribute to internal process building and stay updated on industry trends and regulations. This role requires a Bachelor's degree, 5+ years of experience in incident response or digital forensics, and proficiency with various security tools and frameworks. We offer a competitive compensation package, including comprehensive health insurance, paid holidays, employer pension contributions, and a home office stipend.

Requirements

• Bachelor’s Degree in Computer Science, Information Security, Engineering, or other relevant subjects
• 5+ years of incident response or digital forensics experience
• Demonstrated practiced knowledge of the lifecycle of network threats, attacks, attack vectors, and methods of exploitation with a knowledge of intrusion set tactics, techniques, and procedures
• Knowledge of TCP/IP Protocols, network assessment and network/security applications, including log and network traffic capture assessment
• Experience with Velociraptor, Axiom, FTK, SIFT, Volatility, ELK, WireShark, Plaso, Skadi or other open source forensic/log analysis/network assessment tools
• Experience with EDR tools like CrowdStrike Falcon, Carbon Black, Sentinel One, etc
• Knowledge of industry standard frameworks – NIST, HIPAA, PCI
• Self-motivated; entrepreneurial spirit; comfortable working in a dynamic environment
• Strong interactive communication skills (verbal & written)
• Aptitude to learn technical concepts/terms, and aptitude to guide multiple tasks/projects simultaneously
• Experience deploying tools to AWS and familiarity using Cloud based platform for assessment

Responsibilities

• Drive incident response engagements to guide our customers through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations
• Coordinate and guide incident response assistance from team members and vendors
• Investigate customer data breaches and malicious activity leveraging forensics tools; analyze Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs); examine firewall, web, database, and other log sources to identify evidence of malicious activity
• Provide case reporting as required across internal and external audiences with the appropriate technical level of detail for threat researchers and/or business customers
• Evaluate customer security programs, technologies, controls, and business environments; recommend and develop enhancements
• Provide recommendations on solutions to help customers navigate information security risk
• Track emerging security practices and contribute to building internal processes, and our various products
• Stay abreast of the current regulatory environment, industry trends and related implications

Preferred Qualifications

• Excellent critical thinking skills with the experience to diagnose and troubleshoot technical issues
• Customer oriented with a strong interest in consumer satisfaction
• Experience to learn new technologies and concepts and comfortable using command-line interfaces
• Experience guiding teams of highly motivated analysts
• Communicate highly technical information to a non-technical audience
• Experience to handle and work with consumers through high priority scenarios
• Knowledge in project management
• Foster a positive work environment and attitude
• Flexibility with your work schedule in times of urgent response needs
• Contribute to thought guidance within the DFIR industry
• GCIH, GCIA, GCFA, GCFE, ACE, EnCE, CFCE, CISSP, or similar
• Security policy, governance, privacy or regulatory experience (e.g., NIST, ISO, HIPAA, PCI)
• Securing cloud based platforms (Microsoft Azure, Amazon AWS, etc.)
• Experience with system hardening procedures for Windows, Linux, Unix is helpful. Knowledge and/or experience with Nmap, Nessus, Nexpose, Qualys, Burp, Kali, Metasploit, Meterpreter, or other offensive tools is helpful
• Knowledge of scripting for development of security tools and industry frameworks is helpful
• SCADA/Control systems network experience is a plus

Benefits

• 100% medical coverage, including out-patient and emergency care
• 20+ paid holidays
• 12% employer pension contribution
• Annual home office stipend
• Mental & physical health wellness programs
• Competitive compensation and opportunity for advancement