Threat Analyst

Coalition, Inc.

📍Remote - United Kingdom

Summary

Join Coalition as a Threat Analyst and become a key contributor to our expanding MDR security program. This remote role involves full-spectrum security analysis, focusing on detection and response within the SentinelOne platform. You will lead end-to-end event investigations, identify and investigate incidents, conduct forensic analysis, and develop expert-level opinions for technical and executive audiences. Collaborate with customers and internal teams, leveraging your expertise to improve Coalition’s security posture. This position offers the opportunity to work with modern cloud technology and influence major security technology decisions.

Requirements

  • 4+ years of experience in the MDR/security monitoring space, including commonly used tools such as SentinelOne and CrowdStrike
  • 4+ years of experience and deep technical knowledge of techniques to contain an active incident, collect event data, analyze data for IOCs/IOAs, and provide evidentiary reporting to internal and external stakeholders
  • 4+ years of experience and an understanding of cyber security operations, security monitoring, EDR, and SIEM tooling, e.g., Endgame, Falcon, and Splunk

Responsibilities

  • Lead end-to-end event investigations, from MDR alert to client reporting, with Coalition's customers
  • Identify and investigate incidents to understand the cause and extent of a breach by leveraging technical tooling and threat intelligence sources
  • Conduct forensics, log, and malware analysis across a client’s environment in support of our investigations
  • Leverage findings from the investigation to develop and articulate expert-level opinions to both technical and executive audiences
  • Develop comprehensive written reports and oral presentations to both technical and executive audiences
  • Effectively communicate and collaborate with customers, including legal counsel and technical and executive stakeholders
  • Collaborate with practice leadership in leveraging subject matter expertise in the scoping of customer engagements

Preferred Qualifications

  • Certifications: Security+, CISA
  • Knowledge of enterprise security controls related to authentication and identity management, security network architectures, and application-based security controls
  • Excellent time management, writing, and communication skills
  • Network traffic and protocol analysis with tools like Wireshark
  • Experience building scripts, tools, and methodologies that enhance investigation processes
  • Client-facing experience such as any customer service-driven role

Benefits

  • Work at Coalition is centered on the joint mission to Protect the Unprotected
  • We have built a remote-first, highly inclusive culture that welcomes people from diverse backgrounds
