Bosch

Cybersecurity Forensics and Incident Response Analyst

Bosch  •  Pittsburgh, PA (Onsite)  •  5 hours ago
Apply
AI can make mistakes so check important info. Chat history is never stored.

Job Description

We Are Bosch.

At Bosch, we shape the future by inventing high-quality technologies and services that spark enthusiasm and enrich people’s lives. Our areas of activity are every bit as diverse as our outstanding Bosch teams around the world. Their creativity is the key to innovation through connected living, mobility, or industry.

Let’s grow together, enjoy more, and inspire each other. Work #LikeABosch

  • Reinvent yourself: At Bosch, you will evolve.
  • Discover new directions: At Bosch, you will find your place.
  • Balance your life: At Bosch, your job matches your lifestyle.
  • Celebrate success: At Bosch, we celebrate you.
  • Be yourself: At Bosch, we value values.
  • Shape tomorrow: At Bosch, you change lives.

Bosch Cyber Defense has an open position for a passionate, skilled, and experienced cyber forensic and incident response analyst to work as part of the cyber defense team in Pittsburgh, PA, USA. This is a unique opportunity to become part of a global distributed team tasked with protecting the Robert Bosch Group from cybercriminal attacks and threats. We are seeking outstanding professionals to bring new ideas and deep skills of value to Bosch’s cyber defense organization. These are hands-on roles that will be expected to dive into cyber security incidents, investigate new attacks and vulnerabilities with impact on the global Bosch organization and proactively consider how to prevent the same type of incidents from occurring in the future. The successful candidate will be expected to play a key role in the identification of threats as well as the corresponding response.

Our Security Analysts play a critical role in protecting the organization through activities such as log analysis, incident response, digital forensics, security tooling development, and risk assessment. In this role, you will be expected to perform effectively in high-pressure situations, think from both an attacker and defender perspective, and help drive timely, risk-based decisions across technical and business teams. You should be able to balance technical risk with business priorities and communicate findings, impacts, and mitigation strategies clearly to global stakeholders and leaders at different levels. The ideal candidate brings strong technical depth, practical experience in information security, excellent written and verbal communication skills, a collaborative mindset, and a willingness to continuously learn and apply new skills.

  • Must be able to participate in a rotating on-call schedule and collaborate effectively across geographically distributed teams. Flexibility to work outside normal business hours during critical incidents or emergency situations is essential for success in this role.
  • Must be willing and able to travel occasionally to Stuttgart, Germany, approximately 1-2 weeks annually.

Key Responsibilities - Cyber Forensics and Incident Response

  • Lead and support digital forensics and incident response activities across the full lifecycle, including triage, investigation, containment, eradication, recovery, and post-incident reporting.
  • Perform live-system, offline, and remote compromise investigations; collect, preserve, and analyze forensic artifacts such as memory, disk, endpoint, and network evidence in a forensically sound manner.
  • Analyze malicious activity, attack techniques, and compromise scope across systems and networks to identify root cause, business impact, and required remediation actions.
  • Coordinate response activities across technical and business stakeholders during critical incidents, ensuring clear communication, strong cross-functional alignment, and effective decision-making under pressure.
  • Prepare clear, audience-appropriate updates, reports, and executive summaries, and communicate investigation findings, risks, and recommendations effectively, including in high-pressure situations.
  • Collaborate with SOC, Cyber Threat Intelligence, and other cross-functional teams to improve detection content, workflows, monitoring visibility, and overall response effectiveness.
  • Use and enhance investigative capabilities across SIEM, SOAR, EDR, packet analysis, and forensic toolsets, and recommend improvements to security processes, controls, and response capabilities.
  • Proactively identify emerging threats, hunt for suspicious activity, and help drive preventive and detective improvements across the enterprise environment.

Qualifications

Basic Qualifications

  • Bachelor’s degree in Computer Science, Electrical Engineering, or a closely related field.
  • At least 3 years of hands-on experience in incident response, digital forensics, or a combination of both, excluding certification-only experience.
  • Strong proficiency in Windows environments, including enterprise security controls in Active Directory-based infrastructures.
  • Proficiency in one or more scripting or programming languages such as Python, Bash, or PowerShell to support automation, detection, and investigation activities.
  • Experience conducting malware analysis using static and dynamic techniques, including debuggers, disassemblers, and sandbox environments.
  • Experience using AI-supported security capabilities to accelerate alert triage, investigations, threat hunting, or workflow automation, combined with the ability to validate results critically and apply appropriate human oversight.
  • Ability to produce clear malware analysis reports for operational teams and broader enterprise stakeholders.
  • Experience working in international or globally distributed environments.
  • Strong critical thinking and problem-solving skills.

Preferred Qualifications

  • Relevant cybersecurity or digital forensics certifications.
  • One or more industry-recognized certifications, such as GIAC, ISC2, EC-Council, Offensive Security, or comparable credentials in incident response, forensics, penetration testing, or cloud security.
  • Experience building internal security tools or utilities that improve the speed, scale, and effectiveness of security operations.
  • Broad and deep technical knowledge across areas such as cryptography, network security, software security, malware analysis, digital forensics, security operations, incident response, and threat intelligence.
  • Experience in security analytics, including intrusion detection, anomaly detection, and the application of data analysis or machine learning techniques to security use cases.
  • Understanding of AI and machine learning concepts relevant to cybersecurity, including anomaly detection, generative AI use cases, prompt-related risks, model limitations, and the secure, responsible use of AI in security operations.
  • Intellectual curiosity and a strong desire to continuously learn and grow in the field.
  • Experience reconstructing malicious attacks or suspicious activity to determine scope, timeline, root cause, and impact.
  • Ability to characterize and analyze network traffic, identify anomalous activity or potential threats, and investigate anomalies using packet data and network metadata.
  • Ability to create forensically sound duplicates of evidence, including disk and triage images.
  • Experience with disk forensics, forensic image creation, memory analysis, and the use of relevant analysis tools.
  • Solid understanding of network topologies and security technologies such as firewalls, IDS/IPS, web proxies, DNS, and web application firewalls.
  • Hands-on experience with forensic and investigative tools and platforms such as EnCase, FTK, SIFT, X-Ways, Volatility, Sleuth Kit/Autopsy, SIEM, SOAR, and EDR solutions.
  • Experience with Windows forensics, including Windows Event Logs and the Registry, as well as creating forensic or triage images using tools such as Velociraptor.
  • Experience with automated compromise assessment, IOC search tools on endpoints, and the interpretation of investigation results.
  • Good understanding of the MITRE ATT&CK framework, adversary tactics, techniques, and procedures, as well as authentication, authorization, and auditing technologies across enterprise environments.
  • Experience working with Splunk or comparable SIEM platforms and hands-on experience with Endpoint Detection and Response (EDR) tools.
  • Experience conducting investigations using a broad range of detective technologies, including packet capture analysis, host forensics, memory analysis, and enterprise monitoring platforms.
  • Experience designing cybersecurity systems and controls within enterprise environments and working knowledge of virtualized environments.
  • Additional language skills, particularly Spanish or Portuguese.

Additional Information

Equal Opportunity Employer, including disability / veterans.

Please note that employment is contingent upon the successful completion of a drug screen and background check. Candidates who have been offered the position must pass both screenings before their start date.

For more information on our culture and benefits, please visit:

Culture and Benefits | Bosch in the USA

#LI-JM1

Bosch

About Bosch

The Bosch Group is a leading global supplier of technology and services. It employs roughly 417,900 associates worldwide (as of December 31, 2024). According to preliminary figures, the company generated sales of 90.5 billion euros in 2024. Its operations are divided into four business sectors: Mobility, Industrial Technology, Consumer Goods, and Energy and Building Technology. With its business activities, the company aims to use technology to help shape universal trends such as automation, electrification, digitalization, connectivity, and an orientation to sustainability. In this context, Bosch’s broad diversification across regions and industries strengthens its innovativeness and robustness. Bosch uses its proven expertise in sensor technology, software, and services to offer customers cross-domain solutions from a single source. It also applies its expertise in connectivity and artificial intelligence in order to develop and manufacture user-friendly, sustainable products. With technology that is “Invented for life,” Bosch wants to help improve quality of life and conserve natural resources. The Bosch Group comprises Robert Bosch GmbH and its roughly 470 subsidiary and regional companies in over 60 countries. Including sales and service partners, Bosch’s global manufacturing, engineering, and sales network covers nearly every country in the world. Bosch’s innovative strength is key to the company’s further development. At 136 locations across the globe, Bosch employs some 86,900 associates in research and development, of which nearly 48,000 are software engineers.

Instagram: https://www.instagram.com/boschglobal/

Facebook: https://www.facebook.com/BoschGlobal

Glassdoor: https://bit.ly/3raTZnH

Imprint: www.bosch.com/corporate-information

Privacy statement: https://www.bosch.com/data-protection-notice-bosch-linkedin/

Industry
IT & Software
Company Size
10,000+ employees
Headquarters
Gerlingen-Schillerhöhe, DE
Year Founded
Unknown
Website
bosch.com
Social Media