Cybersecurity Forensics and Incident Response Analyst

Company Description

We Are Bosch.

At Bosch, we shape the future by inventing high-quality technologies and services that spark enthusiasm and enrich people's lives. Our areas of activity are every bit as diverse as our outstanding Bosch teams around the world. Their creativity is the key to innovation through connected living, mobility, or industry.

Let's grow together, enjoy more, and inspire each other. Work #LikeABosch

• Reinvent yourself: At Bosch, you will evolve.

• Discover new directions: At Bosch, you will find your place.

• Balance your life: At Bosch, your job matches your lifestyle.

• Celebrate success: At Bosch, we celebrate you.

• Be yourself: At Bosch, we value values.

• Shape tomorrow: At Bosch, you change lives.

Bosch Cyber Defense has an open position for a passionate, skilled, and experienced cyber forensic and incident response analyst to work as part of the cyber defense team in Pittsburgh, PA, USA. This is a unique opportunity to become part of a global distributed team tasked with protecting the Robert Bosch Group from cybercriminal attacks and threats. We are seeking outstanding professionals to bring new ideas and deep skills of value to Bosch's cyber defense organization. These are hands-on roles that will be expected to dive into cyber security incidents, investigate new attacks and vulnerabilities with impact on the global Bosch organization and proactively consider how to prevent the same type of incidents from occurring in the future. The successful candidate will be expected to play a key role in the identification of threats as well as the corresponding response.

Job Description

Our Security Analysts play a critical role in protecting the organization through activities such as log analysis, incident response, digital forensics, security tooling development, and risk assessment. In this role, you will be expected to perform effectively in high-pressure situations, think from both an attacker and defender perspective, and help drive timely, risk-based decisions across technical and business teams. You should be able to balance technical risk with business priorities and communicate findings, impacts, and mitigation strategies clearly to global stakeholders and leaders at different levels. The ideal candidate brings strong technical depth, practical experience in information security, excellent written and verbal communication skills, a collaborative mindset, and a willingness to continuously learn and apply new skills.

• Must be able to participate in a rotating on-call schedule and collaborate effectively across geographically distributed teams. Flexibility to work outside normal business hours during critical incidents or emergency situations is essential for success in this role.

• Must be willing and able to travel occasionally to Stuttgart, Germany, approximately 1-2 weeks annually.

Key Responsibilities - Cyber Forensics and Incident Response

• Lead and support digital forensics and incident response activities across the full lifecycle, including triage, investigation, containment, eradication, recovery, and post-incident reporting.

• Perform live-system, offline, and remote compromise investigations; collect, preserve, and analyze forensic artifacts such as memory, disk, endpoint, and network evidence in a forensically sound manner.

• Analyze malicious activity, attack techniques, and compromise scope across systems and networks to identify root cause, business impact, and required remediation actions.

• Coordinate response activities across technical and business stakeholders during critical incidents, ensuring clear communication, strong cross-functional alignment, and effective decision-making under pressure.

• Prepare clear, audience-appropriate updates, reports, and executive summaries, and communicate investigation findings, risks, and recommendations effectively, including in high-pressure situations.

• Collaborate with SOC, Cyber Threat Intelligence, and other cross-functional teams to improve detection content, workflows, monitoring visibility, and overall response effectiveness.

• Use and enhance investigative capabilities across SIEM, SOAR, EDR, packet analysis, and forensic toolsets, and recommend improvements to security processes, controls, and response capabilities.

• Proactively identify emerging threats, hunt for suspicious activity, and help drive preventive and detective improvements across the enterprise environment.

Qualifications

Basic Qualifications

• Bachelor's degree in Computer Science, Electrical Engineering, or a closely related field.

• At least 3 years of hands-on experience in incident response, digital forensics, or a combination of both, excluding certification-only experience.

• Strong proficiency in Windows environments, including enterprise security controls in Active Directory-based infrastructures.

• Proficiency in one or more scripting or programming languages such as Python, Bash, or PowerShell to support automation, detection, and investigation activities.

• Experience conducting malware analysis using static and dynamic techniques, including debuggers, disassemblers, and sandbox environments.

• Experience using AI-supported security capabilities to accelerate alert triage, investigations, threat hunting, or workflow automation, combined with the ability to validate results critically and apply appropriate human oversight.

• Ability to produce clear malware analysis reports for operational teams and broader enterprise stakeholders.

• Experience working in international or globally distributed environments.

• Strong critical thinking and problem-solving skills.

Preferred Qualifications

• Relevant cybersecurity or digital forensics certifications.

• One or more industry-recognized certifications, such as GIAC, ISC2, EC-Council, Offensive Security, or comparable credentials in incident response, forensics, penetration testing, or cloud security.

• Experience building internal security tools or utilities that improve the speed, scale, and effectiveness of security operations.

• Broad and deep technical knowledge across areas such as cryptography, network security, software security, malware analysis, digital forensics, security operations, incident response, and threat intelligence.

• Experience in security analytics, including intrusion detection, anomaly detection, and the application of data analysis or machine learning techniques to security use cases.

• Understanding of AI and machine learning concepts relevant to cybersecurity, including anomaly detection, generative AI use cases, prompt-related risks, model limitations, and the secure, responsible use of AI in security operations.

• Intellectual curiosity and a strong desire to continuously learn and grow in the field.

• Experience reconstructing malicious attacks or suspicious activity to determine scope, timeline, root cause, and impact.

• Ability to characterize and analyze network traffic, identify anomalous activity or potential threats, and investigate anomalies using packet data and network metadata.

• Ability to create forensically sound duplicates of evidence, including disk and triage images.

• Experience with disk forensics, forensic image creation, memory analysis, and the use of relevant analysis tools.

• Solid understanding of network topologies and security technologies such as firewalls, IDS/IPS, web proxies, DNS, and web application firewalls.

• Hands-on experience with forensic and investigative tools and platforms such as EnCase, FTK, SIFT, X-Ways, Volatility, Sleuth Kit/Autopsy, SIEM, SOAR, and EDR solutions.

• Experience with Windows forensics, including Windows Event Logs and the Registry, as well as creating forensic or triage images using tools such as Velociraptor.

• Experience with automated compromise assessment, IOC search tools on endpoints, and the interpretation of investigation results.

• Good understanding of the MITRE ATT&CK framework, adversary tactics, techniques, and procedures, as well as authentication, authorization, and auditing technologies across enterprise environments.

• Experience working with Splunk or comparable SIEM platforms and hands-on experience with Endpoint Detection and Response (EDR) tools.

• Experience conducting investigations using a broad range of detective technologies, including packet capture analysis, host forensics, memory analysis, and enterprise monitoring platforms.

• Experience designing cybersecurity systems and controls within enterprise environments and working knowledge of virtualized environments.

• Additional language skills, particularly Spanish or Portuguese.

Additional Information

Equal Opportunity Employer, including disability / veterans.

Please note that employment is contingent upon the successful completion of a drug screen and background check. Candidates who have been offered the position must pass both screenings before their start date.

For more information on our culture and benefits, please visit:

Culture and Benefits | Bosch in the USA (

#LI-JM1