L2/L3 — Network Security Engineer
Summary:
Own complex incident response, advanced configuration, and optimization across security controls. Mentor L1 and drive stability.
Key Responsibilities
- Lead L2/L3 incidents (e.g., application breakage from WAF/IPS signatures, complex NAT/policy collisions, certificate chain issues, DNS failures).
- Design and implement non-standard changes: app-based firewalling, user-ID integrations, URL filtering strategies, DLP integration on proxy.
- Tune policies/rules for performance and security (rule clean-up, logging strategy, SSL decryption policy tuning).
- Manage PKI/KMS lifecycle end-to-end: CSR generation, CA workflows, cert pinning impacts, renewals at scale; operations on HSMs (key backup/restore, partition roles).
- DDI engineering: DNS forwarders/conditional forwarding, split DNS for hybrid, DHCP failover, IPAM role-based controls.
- NAC: 802.1X/EAP, device profiling, posture policies, remediation flows; integrate with AD/IdP and MDM/UEM.
- Troubleshoot with packet capture (SPAN/PCAP), decryption where authorized.
- Develop and maintain runbooks, SOPs, and automation scripts (e.g., via APIs).
- Support audits, implement security baselines and compliance controls.