Jobs · Information Technology · Pennsylvania

Cybersecurity Forensics and Incident Response Analyst

Bosch USA · Pittsburgh, PA · Yesterday
Information TechnologyFull-time

About the role

Bosch Cyber Defense is seeking a cyber forensic and incident response analyst to join their global distributed team. The successful candidate will play a key role in identifying and responding to threats to the Robert Bosch Group.

Responsibilities

  • Lead and support digital forensics and incident response activities across the full lifecycle, including triage, investigation, containment, eradication, recovery, and post-incident reporting.
  • Perform live-system, offline, and remote compromise investigations; collect, preserve, and analyze forensic artifacts such as memory, disk, endpoint, and network evidence in a forensically sound manner.
  • Analyze malicious activity, attack techniques, and compromise scope across systems and networks to identify root cause, business impact, and required remediation actions.
  • Collaborate with SOC, Cyber Threat Intelligence, and other cross-functional teams to improve detection content, workflows, monitoring visibility, and overall response effectiveness.
  • Use and enhance investigative capabilities across SIEM, SOAR, EDR, packet analysis, and forensic toolsets, and recommend improvements to security processes, controls, and response capabilities.
  • Proactively identify emerging threats, hunt for suspicious activity, and help drive preventive and detective improvements across the enterprise environment.

Qualifications

  • Basic Qualifications: Bachelor’s degree in Computer Science, Electrical Engineering, or a closely related field. At least 3 years of hands-on experience in incident response, digital forensics, or a combination of both, excluding certification-only experience.
  • Strong proficiency in Windows environments, including enterprise security controls in Active Directory-based infrastructures.
  • Proficiency in one or more scripting or programming languages such as Python, Bash, or PowerShell to support automation, detection, and investigation activities.
  • Experience conducting malware analysis using static and dynamic techniques, including debuggers, disassemblers, and sandbox environments.
  • Experience using AI-supported security capabilities to accelerate alert triage, investigations, threat hunting, or workflow automation, combined with the ability to validate results critically and apply appropriate human oversight.
  • Able to produce clear malware analysis reports for operational teams and broader enterprise stakeholders.
  • Experience working in international or globally distributed environments.
  • Strong critical thinking and problem-solving skills.

Preferred Qualifications

  • Relevant cybersecurity or digital forensics certifications.
  • One or more industry-recognized certifications, such as GIAC, ISC2, EC-Council, Offensive Security, or comparable credentials in incident response, forensics, penetration testing, or cloud security.
  • Experience building internal security tools or utilities that improve the speed, scale, and effectiveness of security operations.
  • Broad and deep technical knowledge across areas such as cryptography, network security, software security, malware analysis, digital forensics, security operations, incident response, and threat intelligence.
  • Experience in security analytics, including intrusion detection, anomaly detection, and the application of data analysis or machine learning techniques to security use cases.
  • Understanding of AI and machine learning concepts relevant to cybersecurity, including anomaly detection, generative AI use cases, prompt-related risks, model limitations, and the secure, responsible use of AI in security operations.
  • Intellectual curiosity and a strong desire to continuously learn and grow in the field.
  • Experience reconstructing malicious attacks or suspicious activity to determine scope, timeline, root cause, and impact.
  • Ability to characterize and analyze network traffic, identify anomalous activity or potential threats, and investigate anomalies using packet data and network metadata.
  • Experience with disk forensics, forensic image creation, memory analysis, and the use of relevant analysis tools.
  • Experience with automated compromise assessment, IOC search tools on endpoints, and the interpretation of investigation results.
  • Experience with the MITRE ATT&CK framework, adversary tactics, techniques, and procedures, as well as authentication, authorization, and auditing technologies across enterprise environments.
  • Experience working with Splunk or comparable SIEM platforms and hands-on experience with Endpoint Detection and Response (EDR) tools.
  • Experience conducting investigations using a broad range of detective technologies, including packet capture analysis, host forensics, memory analysis, and enterprise monitoring platforms.
  • Experience designing cybersecurity systems and controls within enterprise environments and working knowledge of virtualized environments.
  • Additional language skills, particularly Spanish or Portuguese.

Similar jobs