Senior Threat Analyst

About the role

We are looking for a Senior Threat Analyst (remote) to be a key contributor in expanding Coalition’s MDR security program. This role will serve as a full-spectrum security analyst with a strong focus on detection and response within the SentinelOne platform. Securing Coalition's MDR efforts is essential to protecting our policyholders and achieving Coalition’s goals of solving cyber-security risk. The MDR team leads the company-wide efforts to improve Coalition’s security posture in close collaboration with Product Engineering and IT Security teams.

You will be a key contributor to our roadmap while building up capabilities for innovative and scalable detection/response solutions. We’re targeted by the most capable adversaries and MDR will have excellent visibility/support from the entire company.  You will use modern cloud technology stacks and you will influence major security technology decisions. This role will report to the Head of MDR within Coalition Incident Response and will partner with the IT and Security Engineering teams.

Responsibilities

• Lead end-to-end event investigations from MDR alert to client reporting with Coalitions customers.

• Identify and investigate incidents to understand the cause and extent of a breach by leveraging technical tooling and threat intelligence sources.

• Conduct forensics log and malware analysis across a client’s environment in support of our investigations.

• Leverage findings from the investigation to develop and articulate expert-level opinions to both technical and executive audiences.

• Develop comprehensive written reports and oral presentations to both technical and executive audiences.

• Effectively communicate and collaborate with customers including legal counsel and technical and executive stakeholders.

• Collaborate with practice leadership in leveraging subject matter expertise in the scoping of customer engagements

Skills and Qualifications

• 5+ years of experience in MDR/security monitoring space including commonly used tools such as SentinelOne and Crowdstrike.

• 5+ years of experience and deep technical knowledge of techniques to contain an active incident collect event data analyze data for IOCs/IOAs and evidentiary reporting to internal and external stakeholders.

• 5+ years of experience and an understanding of cyber security operations security monitoring EDR and SIEM tooling e.g. Endgame Falcon and Splunk.