🛠 Tech Stack

💼 About This Role

You'll lead digital forensics and incident response investigations for policyholders facing active cyber incidents at Coalition's UK Incident Response team. You'll investigate threats like business email compromise and ransomware, helping organizations move from uncertainty to clear next steps. This role offers the chance to shape UK incident response playbooks and work cross-functionally in a global coverage model.

🎯 What You'll Do

• Lead DFIR investigations from scoping through case closure.
• Analyze cloud, email, endpoint, network, and web artifacts.
• Produce forensic reports and present findings to stakeholders.
• Coordinate response with cross-functional partners and vendors.
• Improve CIR UK playbooks and proactive services like tabletops.

📋 Requirements

• Substantial hands-on DFIR experience leading investigations independently.
• Strong Windows and Linux forensics skills for evidence collection and analysis.
• Deep experience investigating Microsoft 365 and email compromise.
• Ability to analyze logs and telemetry from EDR and network platforms.

✨ Nice to Have

• macOS forensics experience.
• Website forensics especially WordPress or similar.
• Cloud forensics in AWS, Google Cloud, or other environments.

🎁 Benefits & Perks

• 🏥 100% medical coverage including outpatient care
• 📅 25+ paid holidays
• 🏠 Annual home office stipend
• 💰 7% employer pension contribution
• 🧘 Wellness programs like Headspace and Wellhub

📨 Hiring Process

Estimated timeline: 2-4 weeks · AI estimate

1. 1Recruiter Screen· 30 min
2. 2Technical Interview· 60 min
3. 3Hiring Manager Interview· 45 min