Cybersecurity Forensics and Incident Response Analyst

Bosch Group


Job Location:

Pittsburgh, PA - USA

Monthly Salary: Not Disclosed
Posted on: 20 days ago
Vacancies: 1 Vacancy

Job Summary

Our Security Analysts play a critical role in protecting the organization through activities such as log analysis incident response digital forensics security tooling development and risk this role you will be expected to perform effectively in high-pressure situations think from both an attacker and defender perspective and help drive timely risk-based decisions across technical and business teams. You should be able to balance technical risk with business priorities and communicate findings impacts and mitigation strategies clearly to global stakeholders and leaders at different levels. The ideal candidate brings strong technical depth practical experience in information security excellent written and verbal communication skills a collaborative mindset and a willingness to continuously learn and apply new skills.

  • Must be able to participate in a rotating on-call schedule and collaborate effectively across geographically distributed teams. Flexibility to work outside normal business hours during critical incidents or emergency situations is essential for success in this role.
  • Must be willing and able to travel occasionally to Stuttgart Germany approximately 1-2 weeks annually.

Key Responsibilities - Cyber Forensics and Incident Response

  • Lead and support digital forensics and incident response activities across the full lifecycle including triage investigation containment eradication recovery and post-incident reporting.
  • Perform live-system offline and remote compromise investigations; collect preserve and analyze forensic artifacts such as memory disk endpoint and network evidence in a forensically sound manner.
  • Analyze malicious activity attack techniques and compromise scope across systems and networks to identify root cause business impact and required remediation actions.
  • Coordinate response activities across technical and business stakeholders during critical incidents ensuring clear communication strong cross-functional alignment and effective decision-making under pressure.
  • Prepare clear audience-appropriate updates reports and executive summaries and communicate investigation findings risks and recommendations effectively including in high-pressure situations.
  • Collaborate with SOC Cyber Threat Intelligence and other cross-functional teams to improve detection content workflows monitoring visibility and overall response effectiveness.
  • Use and enhance investigative capabilities across SIEM SOAR EDR packet analysis and forensic toolsets and recommend improvements to security processes controls and response capabilities.
  • Proactively identify emerging threats hunt for suspicious activity and help drive preventive and detective improvements across the enterprise environment.

Qualifications :

Basic Qualifications

  • Bachelors degree in Computer Science Electrical Engineering or a closely related field.
  • At least 3 years of hands-on experience in incident response digital forensics or a combination of both excluding certification-only experience.
  • Strong proficiency in Windows environments including enterprise security controls in Active Directory-based infrastructures.
  • Proficiency in one or more scripting or programming languages such as Python Bash or PowerShell to support automation detection and investigation activities.
  • Experience conducting malware analysis using static and dynamic techniques including debuggers disassemblers and sandbox environments.
  • Experience using AI-supported security capabilities to accelerate alert triage investigations threat hunting or workflow automation combined with the ability to validate results critically and apply appropriate human oversight.
  • Ability to produce clear malware analysis reports for operational teams and broader enterprise stakeholders.
  • Experience working in international or globally distributed environments.
  • Strong critical thinking and problem-solving skills.

Preferred Qualifications

  • Relevant cybersecurity or digital forensics certifications.
  • One or more industry-recognized certifications such as GIAC ISC2 EC-Council Offensive Security or comparable credentials in incident response forensics penetration testing or cloud security.
  • Experience building internal security tools or utilities that improve the speed scale and effectiveness of security operations.
  • Broad and deep technical knowledge across areas such as cryptography network security software security malware analysis digital forensics security operations incident response and threat intelligence.
  • Experience in security analytics including intrusion detection anomaly detection and the application of data analysis or machine learning techniques to security use cases.
  • Understanding of AI and machine learning concepts relevant to cybersecurity including anomaly detection generative AI use cases prompt-related risks model limitations and the secure responsible use of AI in security operations.
  • Intellectual curiosity and a strong desire to continuously learn and grow in the field.
  • Experience reconstructing malicious attacks or suspicious activity to determine scope timeline root cause and impact.
  • Ability to characterize and analyze network traffic identify anomalous activity or potential threats and investigate anomalies using packet data and network metadata.
  • Ability to create forensically sound duplicates of evidence including disk and triage images.
  • Experience with disk forensics forensic image creation memory analysis and the use of relevant analysis tools.
  • Solid understanding of network topologies and security technologies such as firewalls IDS/IPS web proxies DNS and web application firewalls.
  • Hands-on experience with forensic and investigative tools and platforms such as EnCase FTK SIFT X-Ways Volatility Sleuth Kit/Autopsy SIEM SOAR and EDR solutions.
  • Experience with Windows forensics including Windows Event Logs and the Registry as well as creating forensic or triage images using tools such as Velociraptor.
  • Experience with automated compromise assessment IOC search tools on endpoints and the interpretation of investigation results.
  • Good understanding of the MITRE ATT&CK framework adversary tactics techniques and procedures as well as authentication authorization and auditing technologies across enterprise environments.
  • Experience working with Splunk or comparable SIEM platforms and hands-on experience with Endpoint Detection and Response (EDR) tools.
  • Experience conducting investigations using a broad range of detective technologies including packet capture analysis host forensics memory analysis and enterprise monitoring platforms.
  • Experience designing cybersecurity systems and controls within enterprise environments and working knowledge of virtualized environments.
  • Additional language skills particularly Spanish or Portuguese.

Additional Information :

Equal Opportunity Employer including disability / veterans.

Please note that employment is contingent upon the successful completion of a drug screen and background check. Candidates who have been offered the position must pass both screenings before their start date. 

For more information on our culture and benefits please visit:

Culture and Benefits Bosch in the USA

#LI-JM1


Remote Work :

No


Employment Type :

Full-time

Our Security Analysts play a critical role in protecting the organization through activities such as log analysis incident response digital forensics security tooling development and risk this role you will be expected to perform effectively in high-pressure situations think from both an attacker a...

About Company

Company Logo

Bosch first started in Vietnam with a representative office in 1994. Bosch has its main office in Ho Chi Minh City, with branch offices in Hanoi and Da Nang, and a Powertrain Solutions plant in the Dong Nai province to manufacture pushbelt for continuously variable transmissions (CVT) ... View more

View Profile View Profile