Cybersecurity Forensics And Incident Response Analyst

Bosch group - City Of Pittsburgh
new offer (20/05/2024)

job description

Our security analysts will be expected to perform a variety of duties during an average day including but not limited to log analysis, incident response, forensics, system/tooling development, and risk assessment, just to name a few. You must thrive in high-pressure situations, think like both an attacker and a defender, and drive relevant teams to take the right actions in the right time frames to mitigate risks. Candidates also need to balance technical risks against business needs and be able to articulate risks and mitigations to members of the global team as well as members of leadership at various levels. You should have a good mix of deep technical knowledge and a demonstrated background in information security. The successful candidate will be expected to be an active contributor, should have good written and oral communication skills and cross-team collaboration skills, and should be open to acquiring and applying new skills. Successful candidates:
Must also be able to participate in a rotating on-call schedule and must be able to work collaboratively across physical locations. The ability to work outside of normal working hours as required by critical incidents or emergency calls will be essential to success in this role.
Must be willing and able to travel occasionally to Stuttgart, Germany (5-10% travel in a year)
Responsibilities for Cyber Forensics Role
Help define requirements and identify gaps for performing remote compromise assessments
Capture forensic artifacts such as memory and disk images
Pivot on the forensic data working with the global Cyber Threat Intelligence team to determine if the malware is part of a larger campaign, how Bosch is being targeted and take any further remediation required
Lead remote compromise assessments and produce final assessment reports
Perform live box and dead box forensics to identify compromise and attack vector
Provide input for Security Operations Center (SOC) improvement and identify visibility gaps for enterprise monitoring
Collect network intrusion artifacts (e.g., PCAP, domains, URIs, certificates, etc.) and use discovered data to enable mitigation of potential incidents
Collect network device integrity data and analyze for signs of tampering or compromise
Analyze identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, effects on system and information
Track and document incident response activities and provide updates to leadership through executive summaries and in-depth technical reports
Plan, coordinate and direct the inventory, examination and comprehensive technical analysis of computer related evidence
Serve as technical forensics liaison to stakeholders and explain investigation details
Responsibilities for Incident Response Role
You will work in the Security Incident Response Team (SIRT) to build, develop, and operate a SIRT that will allow us to quickly identify, respond, and protect against threats to our global infrastructure
You will assist and/or lead investigations in active security incident scenarios, supporting the organization through the Incident Response lifecycle
You will work across functions to identify new and emerging threats and work to develop detection alarms and workflows to assist in future identification and response
Provide expertise in the triage and identification of potential security incidents
Develop and create alarms, dashboards, and workflows to allow quicker and more efficient insight into security events
Identify residual risk through security monitoring and instigate security-focused projects to remediate root cause issues
Proactively hunt threats in our environment, identify new risk areas, and develop methods for us to proactively address these threats
Coordinate containment, eradication, and recovery actions for high priority on-premises cybersecurity incidents and cloud cybersecurity incidents.
Research security trends and recommend security tool optimization
Provide training, mentoring, and subject matter expertise for Security Operations Center (SOC) staff
Execute the incident response plan, ensuring cross-functional teams operate functionally and efficiently through incident response scenarios
Draft, maintain, and communicate incident reports for an executive audience
