Job Description

Objectives
The key objectives of this engagement are to:

Augment Client ’s Security Operations with experienced L1, L2, and L3/L4 resources
Ensure uninterrupted 24x7 operational support for infrastructure security platforms
Improve turnaround time for BAU security requests and operational tasks
Support proactive security operations through structured preventive maintenance
Ensure consistent MIS reporting and operational visibility
Maintain strict adherence to Client ’s governance, compliance, and ITSM processes

3. Scope of Services
3.1 Service Model & Coverage

24x7 operational coverage, including shift‑based coverage and on‑call support
Resources will operate under Client ‑defined processes, tools, and controls
Vendor will provide staffing, backfill, and continuity of service
All operational priorities, approvals, and SLAs are governed by Client

3.2 Team Composition (Total: 10 Resources)
RoleQuantityPrimary FocusL1 Security Analyst3Triage and fulfill BAU tasks, ticket handling, basic troubleshooting, standard changes, log monitoring and reporting, documentation, and common mailbox monitoring.L2 Security Engineer5Advanced BAU, troubleshooting, complex changes, RCA, audit evidence etc.L3/L4 Security Engineer2Engineering, hardening, architecture support, policy review/design, complex troubleshooting, DR support, governance inputs.
Note: Backfill must be provided for planned and unplanned leave to ensure uninterrupted coverage.

4. Roles & Responsibilities
4.1 Core BAU Security Operations
Vendor resources shall support Client teams in the following activities but not limited to:

Firewall policy and ACL implementation and troubleshooting
WAF / IPS / Guardium Management
VPN / MFA / token administration
Website and proxy whitelisting
Blocking indicators of compromise (IoCs)
Endpoint security administration (AV, EDR, DLP)
Security mailbox and queue monitoring
Configuration management for in‑scope security technologies
Support for audit, compliance, and evidence preparation
Participation in disaster recovery drills and readiness activities
Impact and root cause analysis
Adherence to standards and changing management policies
Audit, security and regulatory compliance knowledge
Configuration management
Supporting BAU tasks
Daily backup & log monitoring
DR activities support
Preparing SOPs
Firewall rule review & audit support
Device baseline/hardening & vulnerability remediation coordination
Adherence to ITSM processes (Incident, Change, Problem) & SLAs

4.2 MIS Reporting (Mandatory Responsibility)
The vendor is responsible for producing accurate, timely, and complete MIS reports, aligned to Client formats and requirements. Reports include, but are not limited to:

Ticket volumes and status
BAU request metrics (ACLs, tokens, whitelisting, endpoint actions)
Preventive maintenance execution status
Risks, issues, and dependency tracking
Operational trends and observations

Qualifications
Education: Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
Experience:
L3/L4 10+ years of experience in IT security operations,
L2 7-10 years of experience in IT security operations
L1 Minimum of 3 years of experience in IT security operations.
Certifications: Relevant industry standard certifications such as CompTIA Security+, CheckPoint, Palo Alto, WAF etc..
Skills:
Strong knowledge of IT security operations practices.
Proficiency in security solutions mentioned in Tech Stack.
Excellent problem-solving and analytical skills.
Strong communication and interpersonal skills.

5. Preventive Maintenance Responsibilities
Vendor resources shall execute preventive maintenance activities under Client direction, with clear documentation and reporting.
5.1 Daily Activities

Health checks for in‑scope security platforms
Log and alert monitoring
Backup verification checks
Queue and mailbox monitoring
Daily operational checklist updates

5.2 Weekly Activities

Review of firewall rules and recent changes
Patch and signature status validation
Capacity and performance checks
Weekly MIS and operational summary

5.3 Bi‑Weekly Activities

Configuration drift checks
Review of recurring incidents and BAU trends
Validation of backup success and restore readiness

5.4 Monthly Activities

Preventive maintenance execution report
Firewall, endpoint, and security platform posture review
SLA and operational metrics reporting
Audit and compliance evidence preparation

5.5 Quarterly Activities

Security posture and hardening progress review
Firewall and policy optimization review
Trend analysis and improvement recommendations
Participation in quarterly governance reviews

5.6 Annual Activities

Annual disaster recovery exercise support
Annual backup and restore validation
Security baseline and hardening review
Support for internal and external audits

6. Technology Environment (Indicative)
Vendor resources must have hands‑on experience with technologies including, but not limited to:

Firewalls: Check Point, Palo Alto, Fortinet
Proxy / Web Security: Forcepoint, Zscaler
WAF / IPS / Guardium / DDOS
Endpoint Security: Trellix / McAfee, EDR, DLP
IPS / NGFW IPS platforms
Identity & Access: MFA / VPN token solutions
ITSM: BMC Helix (or equivalent)

About NorthBay Solutions

NorthBay is AWS Premier Consulting Partner and also partnered with AI21 Labs, VMware, CloudRail and SAP in support of our Customers’ AWS cloud journeys. NorthBay helps companies transform their business by unlocking the value of their data in the cloud so they can gain agility and speed in their decision making and innovation.

Our specialities include:

- Generative AI

- Managed Service Provider

- Cloud Migration and Modernization Services

- Cloud Application Development

- Data Lake/Data Warehouse

- Machine Learning & AI

- DevOps Enablement

- Staff Augmentation

- Performance & Optimization.

Industry

IT & Software

Company Size

201-500 employees

Headquarters

Andover, MA

Year Founded

2007

Website

northbaysolutions.com

Social Media

Secop Engineer

Job Description

About NorthBay Solutions