Security Network Operations Engineer – IDS (L2)

Job Title: Security Network Operations Engineer IDS (L1/L2)
Location: India
Experience: 3 8 years

Role Overview

We are looking for a Security Network Operations Engineer (IDS) to support 24x7 monitoring and management of Intrusion Detection Systems within a tiered L1/L2 SOC/NOC model. The role focuses on alert monitoring triage investigation tuning and incident handling ensuring high detection accuracy and operational efficiency of IDS controls.

The engineer will work closely with Security Operations Network Security Engineering and Incident Management teams to maintain a strong security posture across enterprise environments.

Key Responsibilities

1. 24x7 Monitoring & Alert Management

• Monitor IDS alerts continuously in a 24x7 shift model
• Identify and prioritize alerts based on severity and impact
• Ensure timely detection and response to potential threats

2. Alert Triage & Initial Investigation (L1/L2)

• Perform alert triage validation and initial investigation using runbooks & SOP
• Differentiate between: True & false positives Suspicious activity requiring escalation

3. Incident Logging & Tracking

• Log and manage incidents in ITSM tools
• Ensure tickets include Accurate context Impact analysis logs
• Track incidents till closure

4. Advanced Investigation & Analysis (L2)

• Conduct in-depth analysis of complex IDS alerts
• Correlate events across network Security logs & traffic pattern
• Identify attack vectors and potential threats

5. IDS Rule Tuning & Optimization

• Tune IDS rules and signatures to reduce false positives & Maintain detection accuracy

• Validate tuning changes before implementation

6. Troubleshooting & Issue Resolution

• Troubleshoot IDS policy issues Blocked/flagged traffic Signature-related anomalies
• Work with engineering teams for resolution of complex issues

7. Incident Change Problem Management Implementation

• Implement approved changes to IDS configurations
• Follow formal change management processes
• Ensure proper validation and rollback readiness
• Support Major incident handling (P1/P2) RCA Problem management activities

• Provide actionable insights to prevent recurrence

8 . Collaboration & Coordination

• Work closely with SOC Network Security Engineering teams & Incident Management teams

• Ensure seamless coordination during incidents and changes

9. Continuous Improvement & Operational Excellence

• Identify opportunities to Improve detection rules enhance runbooks and SOPs Optimize monitoring processes
• Contribute to improving overall IDS effectiveness and reliability

Required Skills & Experience

Technical Skills

• Hands-on experience with IDS/IPS technologies such as: Cisco IDS/IPS. Palo Alto Networks Threat Prevention Fortinet IDS/IPS
• Strong understanding of: Network protocols Threat detection techniques Signature-based and anomaly-based detection
• Experience on Alert triage and incident handling Log analysis and traffic inspection Threat identification and classification

Tools & Platforms

• ITSM tools SIEM tools Packet analysis tools

Soft Skills

• Strong analytical and problem-solving skills
• Ability to work in 24x7 shifts
• Good communication and documentation skills
• Ability to work under pressure during security incidents

Nice to Have

• Certifications:
  • CEH Security or equivalent
  • GIAC / IDS-related certifications
• Experience in SOC environments
• Exposure to automation or scripting (Python Bash)

Key Deliverables

• Timely alert triage and incident resolution
• Accurate incident tickets and documentation
• IDS tuning and optimization reports
• RCA and problem management inputs
• Updated runbooks and SOPs

Success Criteria

• High accuracy in alert triage (low false escalation rate)
• Reduced false positives through effective tuning
• Timely incident detection and response
• Strong collaboration across security and network teams
• Continuous improvement in IDS performance and coverage