L3 Incident Response

Job Description: L3 Incident Response & Network Security Engineer
Position:
L3 Incident Response / Security Operations Engineer

Location:
(Specify)

Experience:
5–10 Years

Sector:
Telecom / Enterprise / Managed Security Services

Role Overview
We are looking for a
hands-on L3 Incident Response & Network Security Engineer
with strong troubleshooting skills across firewalls, proxy solutions, WAFs, and secure email gateways. The engineer will act as the
highest technical escalation point (L3)
for SOC operations, handling major incidents, performing deep-dive investigations, tuning security controls, and providing advanced operational support.

This role requires extensive knowledge of enterprise security infrastructure, IR processes, and direct L3 SOC operations.

Key Responsibilities

• L3 Incident Response & Escalations
• Act as the L3 escalation point for all major security incidents.
• Perform detailed triage, containment, recovery, and root cause analysis.
• Investigate alerts and escalations from SOC L1/L2 teams including malware, intrusion attempts, DDoS indicators, suspicious traffic, or compromised accounts.
• Lead war-room calls for P1/P2 security incidents.
• Hands-on Troubleshooting (Critical Skill)

• Deep troubleshooting across:

• Firewall rules, access/ACL issues, NAT, VPN failures

• Proxy policies, URL filtering, SSL inspection
• WAF tuning, false positive reduction, signature adjustments

• Email gateway issues: spam, phishing, TLS routing, mail delivery

• Review packet captures, logs, and security alerts to isolate issues.

• Perform configuration corrections and implement mitigation steps.
• SOC L3 Operations
• Support day-to-day SOC operations at L3 level.
• Validate and enhance detection logic across SIEM/SOAR platforms.
• Collaborate with threat intel, detection engineering, and incident commanders.
• Guide SOC L1/L2 teams on escalations, tuning, and false positive reduction.
• Security Control Tuning & Optimization

• Continuously fine-tune:

• Firewall policies (ASA/FTD/Palo Alto/Checkpoint)

• IPS/IDS signatures
• WAF rules (F5 ASM, Imperva, Akamai, etc.)
• Proxy categories, SSL bypass policies, DLP rules

• Email security policies for phishing, malware, and spoofing

• Conduct periodic policy reviews and compliance validation.

• Change & Problem Management
• Manage and execute complex L3-level changes during planned maintenance windows.
• Perform impact analysis, pre/post checks, and documentation.
• Participate in root cause analysis and long-term remediation planning.
• Threat Hunting & Log Analysis
• Perform proactive threat hunting across network and security datasets.
• Analyze logs from firewalls, proxies, IPS, WAF, and email gateways.
• Identify anomalous patterns and work with SOC for follow-up actions.

Required Technical Skills
Hands-on Expertise (Mandatory)

• Firewalls (Cisco ASA, Firepower, Palo Alto, Check Point)
• Proxy solutions (Blue Coat, Zscaler, Squid)
• WAF platforms (F5 ASM, Imperva, Cloudflare, Akamai)
• Email Security Gateways (Cisco ESA/IronPort, Proofpoint, Mimecast)
• IDS/IPS analysis and tuning

Incident Response & SOC Skills

• Strong understanding of IR frameworks (NIST, SANS).
• Experience with SIEM platforms (Splunk, QRadar, Sentinel, Arcsight).
• Experience with SOAR automation (preferred).
• Packet capture analysis (Wireshark, tcpdump).

Additional Operational Security Tools (Advantage)

• FireEye
• Cisco ASA/Firepower
• Cisco ISE
• Arbor DDoS
• AlgoSec

Soft Skills

• Strong analytical and decision-making capability.
• Excellent communication during incidents.
• Ability to lead high-pressure security bridges.
• Strong documentation and reporting skills.

Preferred Certifications

• CCNP Security / CCIE Security
• GIAC Certifications (GCIA, GCIH, GCFA, GCFE)
• CEH / CHFI
• ITIL Foundation

Skills: incident response,soc,firewalls,security,email,operations,tuning,cisco,proxy