Cyber Security Engineer

ti Steps

Job Title: Cyber Security Engineer L2

Overall Experience: 12 to 15 Years

Relevant Experience (Cyber Security Domain): Minimum 5 Years

Role Objective -

The Cyber Security L2 Engineer will be responsible for the day-to-day operations, administration, and maintenance of enterprise security infrastructure. The role requires strong hands-on expertise in Imperva Database Activity Monitoring (DAM) and Cisco Email & Web Security (ESA / WSA), along with good operational experience in managing and fine-tuning multiple security technologies. The engineer will also collaborate closely with cross-functional teams.

Key Responsibilities

Operational & Technical

• Manage and operate Imperva DAM and Cisco ESA / WSA platforms.
• Perform incident response and investigation, analyze alerts, and coordinate remediation with relevant teams.
• Conduct policy administration and fine-tuning to enhance detection accuracy and reduce false positives.
• Support the implementation and configuration of security controls across domains.
• Perform system health checks for all managed security tools, ensuring continuous availability and performance.
• Manage patching, version upgrades, and platform migrations in collaboration with OEM and infrastructure teams.
• Maintain documentation and operational reports, including incident logs, RCA reports, and audit evidence.
• Collaborate with SOC, Network, and Infrastructure teams for incident correlation and service restoration.
• Ensure adherence to established security frameworks, governance models, and ITIL-based change management policies.

Governance & Compliance

• Maintain compliance with defined security baselines, standards, and procedures.
• Contribute to vulnerability and risk assessments by providing insights from DAM and ESA/WSA findings.
• Participate in internal and external security audits, ensuring readiness, documentation, and corrective action tracking.

Must-Have Skills

• Imperva DAM: Administration, policy tuning, agent health checks, reporting, and SIEM integration.
• Cisco WSA / ESA: Policy management, content filtering, anti-spam configuration, SSL decryption, and quarantine management.
• Incident Response & Investigation: L2-level triage, log analysis, and root cause identification.
• Policy Administration & Security Control Implementation.
• Patch, Upgrade, and Version Management.
• Operational Reporting & Documentation.
• Awareness of Security Frameworks (ISO 27001, NIST, Zero Trust, etc.).
• Technical Environment Familiarity: Windows, Linux, VMware, SIEM, Network Security, Firewall, and Routing fundamentals.

Must-Have Certifications

• CISSP
• Imperva DAM or Database Security Certification (e.g., Imperva Certified Implementation Specialist CIS-DAM).
• Cisco Certified CCNP Security (WSA/ESA related).

Good-to-Have Skills

• Experience with Forcepoint DLP, CyberArk PAM, or Trend Micro Apex One / Deep Security.
• Basic familiarity with OPSWAT MetaDefender, Tenable.io, or F5 ASM/WAF.

Good-to-Have Certifications

• CompTIA Security+, or CySA+.
• Cisco Security certifications (e.g., CCIE Security).
• ISO 27001: Lead Implementer / Lead Auditor.

Key Attributes

• Strong analytical, troubleshooting, and communication skills.
• Ability to work independently and collaboratively under pressure.
• Process-driven mindset focused on continuous improvement and automation.
• Documentation-oriented approach aligned with ITIL and audit requirements.