The Role
Provide 24x7 SecOps support across L1-L4 tiers, handling BAU ticketing, firewall/WAF/IPS/endpoint administration, VPN/MFA, incident triage, hardening, DR support, preventive maintenance, MIS reporting, audit/compliance evidence, and adherence to ITSM processes.
Summary Generated by Built In
Objectives
The key objectives of this engagement are to:
3. Scope of Services
3.1 Service Model & Coverage
RoleQuantityPrimary FocusL1 Security Analyst3Triage and fulfill BAU tasks, ticket handling, basic troubleshooting, standard changes, log monitoring and reporting, documentation, and common mailbox monitoring.L2 Security Engineer5Advanced BAU, troubleshooting, complex changes, RCA, audit evidence etc.L3/L4 Security Engineer2Engineering, hardening, architecture support, policy review/design, complex troubleshooting, DR support, governance inputs.
Note: Backfill must be provided for planned and unplanned leave to ensure uninterrupted coverage.
4. Roles & Responsibilities
4.1 Core BAU Security Operations
Vendor resources shall support Client teams in the following activities but not limited to:
The vendor is responsible for producing accurate, timely, and complete MIS reports, aligned to Client formats and requirements. Reports include, but are not limited to:
Education: Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
Experience:
L3/L4 10+ years of experience in IT security operations,
L2 7-10 years of experience in IT security operations
L1 Minimum of 3 years of experience in IT security operations.
Certifications: Relevant industry standard certifications such as CompTIA Security+, CheckPoint, Palo Alto, WAF etc..
Skills:
Strong knowledge of IT security operations practices.
Proficiency in security solutions mentioned in Tech Stack.
Excellent problem-solving and analytical skills.
Strong communication and interpersonal skills.
5. Preventive Maintenance Responsibilities
Vendor resources shall execute preventive maintenance activities under Client direction, with clear documentation and reporting.
5.1 Daily Activities
6. Technology Environment (Indicative)
Vendor resources must have hands‑on experience with technologies including, but not limited to:
The key objectives of this engagement are to:
- Augment Client ’s Security Operations with experienced L1, L2, and L3/L4 resources
- Ensure uninterrupted 24x7 operational support for infrastructure security platforms
- Improve turnaround time for BAU security requests and operational tasks
- Support proactive security operations through structured preventive maintenance
- Ensure consistent MIS reporting and operational visibility
- Maintain strict adherence to Client ’s governance, compliance, and ITSM processes
3. Scope of Services
3.1 Service Model & Coverage
- 24x7 operational coverage, including shift‑based coverage and on‑call support
- Resources will operate under Client ‑defined processes, tools, and controls
- Vendor will provide staffing, backfill, and continuity of service
- All operational priorities, approvals, and SLAs are governed by Client
RoleQuantityPrimary FocusL1 Security Analyst3Triage and fulfill BAU tasks, ticket handling, basic troubleshooting, standard changes, log monitoring and reporting, documentation, and common mailbox monitoring.L2 Security Engineer5Advanced BAU, troubleshooting, complex changes, RCA, audit evidence etc.L3/L4 Security Engineer2Engineering, hardening, architecture support, policy review/design, complex troubleshooting, DR support, governance inputs.
Note: Backfill must be provided for planned and unplanned leave to ensure uninterrupted coverage.
4. Roles & Responsibilities
4.1 Core BAU Security Operations
Vendor resources shall support Client teams in the following activities but not limited to:
- Firewall policy and ACL implementation and troubleshooting
- WAF / IPS / Guardium Management
- VPN / MFA / token administration
- Website and proxy whitelisting
- Blocking indicators of compromise (IoCs)
- Endpoint security administration (AV, EDR, DLP)
- Security mailbox and queue monitoring
- Configuration management for in‑scope security technologies
- Support for audit, compliance, and evidence preparation
- Participation in disaster recovery drills and readiness activities
- Impact and root cause analysis
- Adherence to standards and changing management policies
- Audit, security and regulatory compliance knowledge
- Configuration management
- Supporting BAU tasks
- Daily backup & log monitoring
- DR activities support
- Preparing SOPs
- Firewall rule review & audit support
- Device baseline/hardening & vulnerability remediation coordination
- Adherence to ITSM processes (Incident, Change, Problem) & SLAs
The vendor is responsible for producing accurate, timely, and complete MIS reports, aligned to Client formats and requirements. Reports include, but are not limited to:
- Ticket volumes and status
- BAU request metrics (ACLs, tokens, whitelisting, endpoint actions)
- Preventive maintenance execution status
- Risks, issues, and dependency tracking
- Operational trends and observations
Education: Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
Experience:
L3/L4 10+ years of experience in IT security operations,
L2 7-10 years of experience in IT security operations
L1 Minimum of 3 years of experience in IT security operations.
Certifications: Relevant industry standard certifications such as CompTIA Security+, CheckPoint, Palo Alto, WAF etc..
Skills:
Strong knowledge of IT security operations practices.
Proficiency in security solutions mentioned in Tech Stack.
Excellent problem-solving and analytical skills.
Strong communication and interpersonal skills.
5. Preventive Maintenance Responsibilities
Vendor resources shall execute preventive maintenance activities under Client direction, with clear documentation and reporting.
5.1 Daily Activities
- Health checks for in‑scope security platforms
- Log and alert monitoring
- Backup verification checks
- Queue and mailbox monitoring
- Daily operational checklist updates
- Review of firewall rules and recent changes
- Patch and signature status validation
- Capacity and performance checks
- Weekly MIS and operational summary
- Configuration drift checks
- Review of recurring incidents and BAU trends
- Validation of backup success and restore readiness
- Preventive maintenance execution report
- Firewall, endpoint, and security platform posture review
- SLA and operational metrics reporting
- Audit and compliance evidence preparation
- Security posture and hardening progress review
- Firewall and policy optimization review
- Trend analysis and improvement recommendations
- Participation in quarterly governance reviews
- Annual disaster recovery exercise support
- Annual backup and restore validation
- Security baseline and hardening review
- Support for internal and external audits
6. Technology Environment (Indicative)
Vendor resources must have hands‑on experience with technologies including, but not limited to:
- Firewalls: Check Point, Palo Alto, Fortinet
- Proxy / Web Security: Forcepoint, Zscaler
- WAF / IPS / Guardium / DDOS
- Endpoint Security: Trellix / McAfee, EDR, DLP
- IPS / NGFW IPS platforms
- Identity & Access: MFA / VPN token solutions
- ITSM: BMC Helix (or equivalent)
Skills Required
- Bachelor's degree in Computer Science, IT, Cybersecurity or related field
- Experience: L1 minimum 3 years; L2 7-10 years; L3/L4 10+ years in IT security operations
- Relevant industry certifications (e.g., CompTIA Security+, Check Point, Palo Alto, WAF certifications)
- Hands-on experience with firewalls, WAF, IPS, Guardium, DDoS mitigation, NGFW platforms
- Endpoint security administration experience (Trellix/McAfee, EDR, DLP)
- Identity and access management experience (MFA, VPN token solutions)
- ITSM experience (BMC Helix or equivalent) and adherence to Incident/Change/Problem processes
- Ability to provide 24x7 shift-based coverage, on-call support and backfill for planned/unplanned leave
- Experience producing MIS reports, operational metrics, and audit/compliance evidence
- Strong problem-solving, analytical, communication and interpersonal skills
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
NorthBay is an AWS Premier Partner focused on Database & Application migrations, data & analytics, DevOps & DataOps, application modernization and ML/Ai. Our practice areas include big data and analytics, machine learning, artificial intelligence and database migrations.
