The Role
Provide 24x7 SecOps coverage across L1-L4 roles: triage, ticketing, advanced troubleshooting, firewall/WAF/IPS management, endpoint and identity administration, preventive maintenance, MIS reporting, compliance/audit support, DR exercises, SOPs, and ITSM adherence. Ensure continuity, backfill, and SLA-driven operation under client processes.
Summary Generated by Built In
Objectives
The key objectives of this engagement are to:
3. Scope of Services
3.1 Service Model & Coverage
RoleQuantityPrimary FocusL1 Security Analyst3Triage and fulfill BAU tasks, ticket handling, basic troubleshooting, standard changes, log monitoring and reporting, documentation, and common mailbox monitoring.L2 Security Engineer5Advanced BAU, troubleshooting, complex changes, RCA, audit evidence etc.L3/L4 Security Engineer2Engineering, hardening, architecture support, policy review/design, complex troubleshooting, DR support, governance inputs.
Note: Backfill must be provided for planned and unplanned leave to ensure uninterrupted coverage.
4. Roles & Responsibilities
4.1 Core BAU Security Operations
Vendor resources shall support Client teams in the following activities but not limited to:
The vendor is responsible for producing accurate, timely, and complete MIS reports, aligned to Client formats and requirements. Reports include, but are not limited to:
Education: Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
Experience:
L3/L4 10+ years of experience in IT security operations,
L2 7-10 years of experience in IT security operations
L1 Minimum of 3 years of experience in IT security operations.
Certifications: Relevant industry standard certifications such as CompTIA Security+, CheckPoint, Palo Alto, WAF etc..
Skills:
Strong knowledge of IT security operations practices.
Proficiency in security solutions mentioned in Tech Stack.
Excellent problem-solving and analytical skills.
Strong communication and interpersonal skills.
5. Preventive Maintenance Responsibilities
Vendor resources shall execute preventive maintenance activities under Client direction, with clear documentation and reporting.
5.1 Daily Activities
6. Technology Environment (Indicative)
Vendor resources must have hands‑on experience with technologies including, but not limited to:
The key objectives of this engagement are to:
- Augment Client ’s Security Operations with experienced L1, L2, and L3/L4 resources
- Ensure uninterrupted 24x7 operational support for infrastructure security platforms
- Improve turnaround time for BAU security requests and operational tasks
- Support proactive security operations through structured preventive maintenance
- Ensure consistent MIS reporting and operational visibility
- Maintain strict adherence to Client ’s governance, compliance, and ITSM processes
3. Scope of Services
3.1 Service Model & Coverage
- 24x7 operational coverage, including shift‑based coverage and on‑call support
- Resources will operate under Client ‑defined processes, tools, and controls
- Vendor will provide staffing, backfill, and continuity of service
- All operational priorities, approvals, and SLAs are governed by Client
RoleQuantityPrimary FocusL1 Security Analyst3Triage and fulfill BAU tasks, ticket handling, basic troubleshooting, standard changes, log monitoring and reporting, documentation, and common mailbox monitoring.L2 Security Engineer5Advanced BAU, troubleshooting, complex changes, RCA, audit evidence etc.L3/L4 Security Engineer2Engineering, hardening, architecture support, policy review/design, complex troubleshooting, DR support, governance inputs.
Note: Backfill must be provided for planned and unplanned leave to ensure uninterrupted coverage.
4. Roles & Responsibilities
4.1 Core BAU Security Operations
Vendor resources shall support Client teams in the following activities but not limited to:
- Firewall policy and ACL implementation and troubleshooting
- WAF / IPS / Guardium Management
- VPN / MFA / token administration
- Website and proxy whitelisting
- Blocking indicators of compromise (IoCs)
- Endpoint security administration (AV, EDR, DLP)
- Security mailbox and queue monitoring
- Configuration management for in‑scope security technologies
- Support for audit, compliance, and evidence preparation
- Participation in disaster recovery drills and readiness activities
- Impact and root cause analysis
- Adherence to standards and changing management policies
- Audit, security and regulatory compliance knowledge
- Configuration management
- Supporting BAU tasks
- Daily backup & log monitoring
- DR activities support
- Preparing SOPs
- Firewall rule review & audit support
- Device baseline/hardening & vulnerability remediation coordination
- Adherence to ITSM processes (Incident, Change, Problem) & SLAs
The vendor is responsible for producing accurate, timely, and complete MIS reports, aligned to Client formats and requirements. Reports include, but are not limited to:
- Ticket volumes and status
- BAU request metrics (ACLs, tokens, whitelisting, endpoint actions)
- Preventive maintenance execution status
- Risks, issues, and dependency tracking
- Operational trends and observations
Education: Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
Experience:
L3/L4 10+ years of experience in IT security operations,
L2 7-10 years of experience in IT security operations
L1 Minimum of 3 years of experience in IT security operations.
Certifications: Relevant industry standard certifications such as CompTIA Security+, CheckPoint, Palo Alto, WAF etc..
Skills:
Strong knowledge of IT security operations practices.
Proficiency in security solutions mentioned in Tech Stack.
Excellent problem-solving and analytical skills.
Strong communication and interpersonal skills.
5. Preventive Maintenance Responsibilities
Vendor resources shall execute preventive maintenance activities under Client direction, with clear documentation and reporting.
5.1 Daily Activities
- Health checks for in‑scope security platforms
- Log and alert monitoring
- Backup verification checks
- Queue and mailbox monitoring
- Daily operational checklist updates
- Review of firewall rules and recent changes
- Patch and signature status validation
- Capacity and performance checks
- Weekly MIS and operational summary
- Configuration drift checks
- Review of recurring incidents and BAU trends
- Validation of backup success and restore readiness
- Preventive maintenance execution report
- Firewall, endpoint, and security platform posture review
- SLA and operational metrics reporting
- Audit and compliance evidence preparation
- Security posture and hardening progress review
- Firewall and policy optimization review
- Trend analysis and improvement recommendations
- Participation in quarterly governance reviews
- Annual disaster recovery exercise support
- Annual backup and restore validation
- Security baseline and hardening review
- Support for internal and external audits
6. Technology Environment (Indicative)
Vendor resources must have hands‑on experience with technologies including, but not limited to:
- Firewalls: Check Point, Palo Alto, Fortinet
- Proxy / Web Security: Forcepoint, Zscaler
- WAF / IPS / Guardium / DDOS
- Endpoint Security: Trellix / McAfee, EDR, DLP
- IPS / NGFW IPS platforms
- Identity & Access: MFA / VPN token solutions
- ITSM: BMC Helix (or equivalent)
Skills Required
- Bachelor's degree in Computer Science, IT, Cybersecurity, or related field
- L1: Minimum 3 years experience in IT security operations
- L2: 7-10 years experience in IT security operations
- L3/L4: 10+ years experience in IT security operations
- Hands-on experience with firewalls (Check Point, Palo Alto, Fortinet)
- Hands-on experience with proxy/web security (Forcepoint, Zscaler)
- Hands-on experience with WAF, IPS, Guardium, DDOS mitigation
- Hands-on experience with endpoint security (Trellix/McAfee), EDR, DLP
- Experience with MFA and VPN/token administration
- Experience with ITSM tools (BMC Helix or equivalent) and ITSM processes (Incident, Change, Problem)
- Ability to operate in 24x7 shift-based and on-call support model with backfill
- Produce accurate MIS reports (ticket volumes, BAU metrics, preventive maintenance status)
- Experience with firewall rule review, device hardening, vulnerability remediation coordination
- Strong problem-solving, analytical, communication, and interpersonal skills
- Relevant industry certifications (CompTIA Security+, Check Point, Palo Alto, WAF, etc.)
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
NorthBay is an AWS Premier Partner focused on Database & Application migrations, data & analytics, DevOps & DataOps, application modernization and ML/Ai. Our practice areas include big data and analytics, machine learning, artificial intelligence and database migrations.
