CyberSecurity Forensics and Incident Response Analyst - Pittsburgh, United States - Robert Bosch Group

Description

CyberSecurity Forensics and Incident Response Analyst

Full-time
The Bosch Group operates in most countries in the world.

With over 400,000 associates, a career at Bosch offers a chance to grow an exceptional career in an environment that values diversity, initiative, and a drive for results.

If you are interested in working on the cutting-edge of technology, working at Bosch Research is the place for you
We are committed to quality at Bosch. Our environment celebrates diversity and promotes career progression.

We seek highly skilled, creative, results-oriented people who can look at technology from a new perspective and provide surprising insight.

We are looking for candidates who want to shape and drive innovation at Bosch.
Bosch Cyber Defense

has multiple open positions

for passionate, skilled, and experienced cyber forensic and incident response analysts to work as part of a newly formed

cyber defense team

in

Pittsburgh, PA, USA .

This is a unique opportunity become part of a global distributed team tasked with protecting the Robert Bosch Group from cybercriminal attacks and threats.

We are

seeking outstanding professionals

at all levels of experience

to bring new ideas and deep skills of value to Bosch's cyber defense organization.

These are hands-on roles that will be expected to dive into cyber security incidents, investigate new attacks and vulnerabilities with impact on the global Bosch organization and proactively consider how to prevent the same type of incidents from occurring in the future.

The successful candidate will be expected to play a key role in the identification of threats as well as the corresponding response.

Our security analysts will be expected to perform a variety of duties during an average day including but not limited to log analysis, incident response, forensics, system/tooling development, and risk assessment, just to name a few.

You must thrive in high-pressure situations, think like both an attacker and defender, and drive relevant teams to take the right actions in the right time frames to mitigate risks.

Candidates also need to balance technical risks against business needs and be able to articulate risks and mitigations to members of the global team as well as member of leadership at various levels.

You should have a good mix of deep technical knowledge and a demonstrated background in information security.

The successful candidate will be expected to be an active contributor, should have good written and oral communication skills, cross-team collaboration skills, and should be open to acquiring and applying new skills.

Successful candidates:
Must also be able to participates in rotating on call schedule

and

must be able to

work collaboratively

across physical locations. Having the ability to work outside of normal working hours as required due to critical incidents or emergency calls, will be essential to success in this role
Must be willing and able to travel occasionally to Stuttgart, Germany (5-10% travel in a year)
Help define requirements and identify gaps for performing remote compromise assessments
Capture forensic artifacts such as memory and disk images
Pivot on the forensic data working with the global Cyber Threat Intelligence team to determine if the malware is part of a larger campaign, how Bosch is being targeted and take any further remediation required
Lead remote compromise assessments and produce final assessment reports
Perform live box and dead box forensics to identify compromise and attack vector
Provide input for Security Operations Center (SOC) improvement and identify visibility gaps for enterprise monitoring
Collect network intrusion artifacts (e.g., PCAP, domains, URI's, certificates, etc.) and uses discovered data to enable mitigation of potential incidents
Collect network device integrity data and analyze for signs of tampering or compromise
Analyze identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, effects on system and information
Track and document incident response activities and providing updates to leadership through executive summaries and in-depth technical reports
Plan, coordinate and direct the inventory, examination and comprehensive technical analysis of computer related evidence
Serve as technical forensics liaison to stakeholders and explaining investigation details
You will work in the Security Incident Response Team (SIRT) to build, develop, and operate a SIRT that will allow us to quickly identify, respond, and protect against threats to our global infrastructure
You will assist and/or lead investigations in active security incident scenarios, supporting the organization through the Incident Response lifecycle
You will work across functions to identify new and emerging threats and work to develop detection alarms and workflows to assist in future identification and response
Provide expertise in the triage and identification of potential security incidents
Develop and create alarms, dashboards, and workflows to allow quicker and more efficient insight into security events
Identify residual risk through security monitoring and instigate security-focused projects to remediate root cause issues
Proactively hunting threats in our environment, identifying new risk areas, and developing methods for us to proactively address these threats
Coordinate containment, eradication, and recovery actions for high priority on-premises cybersecurity incidents and cloud cybersecurity incidents.
Research security trends and recommend security tool optimization
Provide training, mentoring, and subject matter expertise for Security Operations Center (SOC) staff
Execute the incident response plan, ensuring cross-functional teams operate functionally and efficiently through incident response scenarios
Draft, maintain, and communicate incident reports for an executive audience
Basic Qualifications - Cyber Forensics
B.S. in computer science, electrical engineering or closely related field
3+ years experience with host or digital forensics, static malware code disassembly/analysis, and/or runtime malware code analysis or network forensic experience (not including certification)
Proficient working in a Windows environment
Proficient in one more of the following computer languages Python, Bash or Powershell in order to support cyber threat detection or automation
Experience with reconstructing a malicious attack or activity
Ability to characterize and analyze network traffic, identify anomalous activity / potential threats, analyze anomalies in network traffic using metadata
Ability to create forensically sound duplicates of evidence (forensic images)
Experience with disc forensic, creating images and using tools for analyzing
Experienced with network topologies and network security devices (e.g. Firewall, IDS/IPS, Proxy, DNS, WAF, etc)

Desired experience and proficiency with the following tools and techniques:
EnCase, FTK, SIFT, X-Ways, Volatility, Sleuth Kit/Autopsy,
Experienced with Windows Forensics (Windows Eventlogs, Registry, ...) and creating the needed forensic/tirage images (Velociraptor, ...)
Experienced with Memory Forensics, creating dumps and analyzing the dump
Experienced with tools for automatic compromise assessment and IOC searches on clients and analyzing the results
Basic Qualifications -

Incident Response
B.S. in computer science, electrical engineering or closely related field
3 years of incident response experience (not including certification)
Splunk (or other SIEMs)
MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK)
EDR Tools
Carving and extracting information from PCAP data
Designing cyber security systems and environments in an enterprise environment
Thorough understanding of enterprise security controls in Active Directory/Windows environments

Experience with investigating using a wide variety of detective technologies such as SIEM, SOAR, packet capture analysis, host forensics and memory analysis tools.

Experience with authentication, authorization, and auditing technologies and how they are implemented in different environments.
Preferred Qualifications
CVE certification
Have presented at a security conference such as DefCon, BlackHat, RSA Conference, etc.

Have at least one of the following certifications:

SANS GIAC:
GCIA, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GISF, or GCIH, ISC2: CCFP, CCSP, CISSP CERT CSIH, EC Council: CHFI, LPT, ECSA;

Offensive Security:
OSCP, OSCE, OSWP and OSEE;

Defense Cyber Investigative Training Academy:
FTK WFE-FTK, CIRC, WFE-E-CI, FIW
Have experience building security utilities and tools for internal use that enable you and your fellow Security Engineers to operate at high speed and wide scale
Have broad and deep technical knowledge, specifically in the fields of cryptography, network security, software security, malware analysis, forensics, security operations, incident response, and emergent security intelligence

Have demonstrated experience in security analytics including security and machine learning, applications of data miniing to security, intrusion detection, anomaly detection, network security,etc.

You are intellectually curious with a genuine desire to learn and advance your career.
You are a critical thinker with excellent problem-solving skills
Have knowledge of the Spanish or Portuguese language
Experience operating in an international environment.
Conduct malware analysis using static and dynamic methodologies (e.g., debuggers [Ollydbg], disassembler [IDA Pro], sandbox execution, etc.)
Produce malware reports to disseminate to the watch floor and enterprise
BOSCH is a proud supporter of STEM (Science, Technology, Engineering & Mathematics) Initiatives
FIRST Robotics (For Inspiration and Recognition of Science and Technology)
AWIM (A World In Motion)
By choice, we are committed to a diverse workforce – EOE/Protected Veteran/Disabled.
For more information on our culture and benefits, please visit:
The U.S. base salary range for this full-time position is $125,000 - $140,000.

Within the range, individual pay is determined based on several factors, including, but not limited to, work experience and job knowledge, complexity of the role, job location, etc.

Your Recruiter can share more details about the specific salary range for this position during the interview process.

In addition to your base salary, Bosch offers a comprehensive benefits package that includes health, dental, and vision plans; health savings accounts (HSA); flexible spending accounts; 401(K) retirement plan with an attractive employer match; wellness programs; life insurance; short and long term disability insurance; paid time off; parental leave, adoption assistance; and reimbursement of education expenses.

Learn more about our full benefits offerings by visiting:

. Pay ranges included in the postings generally reflect base salary; certain positions may include bonus, commission, or additional benefits.

#J-18808-Ljbffr