Senior Security Analyst
Coalition
Coalition is the world's first Active Insurance provider designed to help prevent digital risk before it strikes. Founded in 2017, Coalition combines broad insurance coverage with a digital risk assessment and continuous security monitoring to help organizations protect themselves in today’s hyper-connected world.
Coalition offers its Active Insurance products in the U.S., U.K., and Canada through relationships with leading global insurers including Allianz, Arch Insurance, Lloyd’s of London, Swiss Re and Zurich, as well as cyber capacity through its own carrier, Coalition Insurance Company. Coalition's Active Risk Platform provides automated security alerts, threat intelligence, expert guidance, and cybersecurity tools to help businesses worldwide remain resilient against cyber attacks.
Coalition comprises a team of cybersecurity and technology experts, as well as experienced insurance professionals, who have come together to build a world-class organization with a massive technological advantage. Our secret sauce is bringing these expertise together to create a world-class organization with one mission: to protect the unprotected as the world digitizes. Today, Coalition is one of the world’s largest commercial insurtechs serving hundreds of thousands of customers worldwide.
Since its founding, Coalition has raised $755 million in equity funding, including $250 million in June 2022, affirming its ability to deliver profitable growth and cementing its position as a long-term business with a clear competitive advantage.
Coalition’s exceptional growth stems from its ability to address real-world problems for organizations of all sizes, and by remaining true to our founding values of character, humility, responsibility, purpose, authenticity and inclusion. We are proud to have been named among Inc.’s Best Workplaces in 2021 and 2023, and one of Fast Company’s Most Innovative Companies in 2022.
About the Role
The Coalition Security team is comprised of bright minds across many cybersecurity domains, with expertise in Red Teaming, Threat Intelligence, Cyber Risk Management and Defensive Security Controls. In the Security Analyst role, your mandate is to help advise our policyholders on how to protect their business from cyber threats. As a part of this mandate, you might find yourself analyzing data breaches and claims events, conducting client security gap analysis, or advising prospective policyholders on how and why they should remediate a tricky security finding. You will work across our client base on topics ranging from security architecture and cloud security, to data protection and compliance.
You will also have an opportunity to work with our product team to codify security best practices into our underwriting algorithms, rating models and risk management apps.
Our core platform is written mostly in Python with some services in Java and Go. We prefer to use the right tool for the job and make pragmatic decisions about how to scale and decouple systems as we continue to grow. We’re looking for someone who can navigate a cloud environment (AWS) with many moving pieces and systems to help the team understand how they fit into the broader puzzle.
Responsibilities
- Review and analyze the security posture of insureds or potential insureds quickly and efficiently
- Evaluate customer security programs, technologies, controls, and business environments; recommend and develop enhancements
- Triage security incidents and claims, understand the root cause, and develop detection tradecraft from threat intelligence
- Build security automation tooling to rapidly integrate optimizations into our underwriting system
- Assist with developing Information Security Plans and Policies, including those for Incident Response, customized to customer requirements and risk profile
- Provide recommendations on solutions to help customers manage information security risk
- Track emerging security practices and contribute to building internal processes, and our various products
- Stay abreast of the current regulatory environment, industry trends and related implications
Skills and Qualifications
- Demonstrated expert understanding of the life cycle of network threats, attack vectors, and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures
- Knowledge of TCP/IP Protocols, network analysis and network/security applications, including log and network traffic capture analysis
- Experience with Nmap, Nessus, Nexpose, Qualys, Burp, Kali, Metasploit, Meterpreter or other offensive tools
- Knowledge of industry standard frameworks – NIST, ISO, HIPAA, PCI
- Self-motivated with an entrepreneurial spirit and comfortable working in a fast-paced, dynamic environment
- Strong interpersonal communication skills (verbal & written)
- Aptitude to learn technical concepts/terms and ability to manage multiple tasks/projects simultaneously
- Bachelor’s Degree in Computer Science, Information Security, Engineering or equivalent work experience
Bonus Points
- Securing cloud based platforms (Microsoft Azure, Amazon AWS, etc.) - experience with system hardening procedures for Windows, Linux and Unix is helpful
- Knowledge or experience with EnCase, FTK, SIFT, Volatility, Splunk, Graylog, ELK/Logstash, WireShark, Zeek, or other open source forensic/log analysis/network analysis tools
- Knowledge of programming and scripting for development of security tools and industry frameworks is helpful
- SCADA / Control systems network experience a plus
#LI-Remote
To learn more, check out our featured press releases:
- Coalition Closes $250 Million in Series F Funding, Valuing the Cyber Insurance Provider at $5 Billion
- Coalition Named to Fast Company’s Annual List of of the World’s Most Innovative Companies for 2022
- Coalition Launches Active Insurance, Reaches $650M Run Rate GWP
- Coalition launches tech-powered executive risks products with personalized risk assessment for all US small-businesses