Cyber Security Engineer

4 - 9 years

22 - 25 Lacs

Posted: 2 days ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Role Overview

Cybersecurity Engineer L2

24x7 security operations model

Key Responsibilities

1. Security Monitoring & Incident Support

  • Support 24x7 security monitoring activities across users, devices, applications, and infrastructure.
  • Investigate alerts escalated from Tier-1 teams to confirm security incidents.
  • Perform triage, validation, and technical analysis of security events.
  • Create, update, and manage security incidents and alerts using ITSM tools.
  • Provide investigation details and evidence to Tier-2 / Tier-3 teams as required.

2. Endpoint Detection & Response (EDR) Operations

  • Monitor and respond to endpoint security alerts across workstations and servers.
  • Administer and operate EDR and antivirus platforms, including:
    • Policy configuration, tuning, and exception management
    • Automated engine and signature updates
    • Troubleshooting endpoints not reporting or updating correctly
  • Validate endpoint agent deployment, coverage, and compliance.
  • Support rollout of endpoint protection in coordination with IT tooling and stakeholders.
  • Produce operational inputs for weekly and monthly security reporting.

3. Firewall Operations & Support

  • Support day-to-day firewall operations, including:
    • Rule creation, modification, and validation
    • Policy updates to support infrastructure and device changes
  • Assist with firewall patching and updates as per vendor advisories.
  • Implement security profiles aligned to server, application, and device functions.
  • Support testing, detection, and custom rule implementation activities.
  • Ensure firewall changes are documented and aligned to approved processes.

4. Identity & Access Management (IAM) Support

  • Support identity and access-related security activities.
  • Assist with investigation of authentication, authorization, and access-related incidents.
  • Support enforcement of access controls aligned to security policies.
  • Work closely with EUC and infrastructure teams on identity-related issues.
  • Ensure IAM activities align with governance and compliance requirements.

5. Collaboration & Escalation

  • Work closely with:
    • Tier-1 SOC / Command Center teams
    • Cybersecurity Lead (L3)
    • Infrastructure, Network, EUC, and Cloud teams
  • Escalate complex or recurring issues with structured analysis and findings.
  • Support coordinated incident response and remediation activities.

6. Documentation & Knowledge Contribution

  • Maintain accurate incident records with clear technical notes.
  • Contribute to cybersecurity SOPs, runbooks, and troubleshooting guides.
  • Support knowledge capture during incidents, changes, and transition phases.
  • Ensure documentation aligns with audit and compliance expectations.

Skills & Experience

Technical Skills (Aligned to Scope)

  • Hands-on experience in:
    • Endpoint Detection & Response (EDR)
    • Antivirus / anti-malware platforms
    • Firewall operations and rule management
    • Identity and access management fundamentals
  • Understanding of security monitoring, alert triage, and incident handling.
  • Familiarity with Microsoft security ecosystem is preferred.
  • Understanding of NIST CSF-aligned security operations.

Tools & Platforms (Preferred)

  • EDR and endpoint protection platforms
  • Firewall security platforms
  • Microsoft Defender (Endpoint / Office 365 – advantage)
  • Microsoft Sentinel (exposure is an advantage)
  • ITSM platforms for security incident tracking

Experience

  • 4–7 years of experience in cybersecurity operations or SOC roles.
  • Experience working in L2 security support environments.
  • Exposure to enterprise or managed security services.
  • Experience supporting hybrid (on-prem + Azure) environments is preferred.

Soft Skills & Behavioral Expectations

  • Structured and methodical approach to security investigation.
  • Clear documentation and communication of findings.
  • Strong ownership of assigned security activities.
  • Collaborative working style across IT and security teams.
  • Continuous learning mindset aligned to evolving security threats.

Working Model

  • Offshore delivery from India.
  • Shift-based operations aligned to 24x7 security monitoring.
  • Close coordination with Tier-1 SOC and Cybersecurity Lead.

Relevance Lab

IT Services and IT Consulting

San Jose CA
