Arista Engineer

Job Description L3 Support Engineer (Cisco WSA)

Location: Remote

Position Summary:

We are seeking an experienced L3 Support Engineer specializing in Cisco Web Security Appliance (WSA) to join our network security operations team. The ideal candidate will provide advanced support, troubleshooting, implementation, and maintenance of secure web gateway services, ensuring business continuity and protection against web threats.

Key Responsibilities:

• Provide L3 operational support for Cisco WSA appliances in a global enterprise environment.

• Should have expertise to deploy WSA appliances from scratch as well as to configure security policy and other features.

• Monitor, manage, and maintain WSA appliances, ensuring high availability and optimal performance.

• Handle advanced incident management, problem resolution, and root cause analysis for WSA-related issues.

• Configure and manage:

• URL filtering policies, access controls, and user authentication

• HTTPS decryption policies

• Application and content filtering rules

• Malware defense and data security policies

• Perform firmware upgrades, patches, and hotfixes on WSA devices.

• Collaborate with SOC, firewall, and proxy teams for security incident investigations.

• Implement changes following ITIL change management processes.

• Maintain documentation for policies, procedures, configurations, and troubleshooting guides.

• Work with vendor (Cisco TAC) for escalations and advanced troubleshooting.

• Contribute to automation and optimization of web security operations.

Required Skills & Experience:

• 8+ years of hands-on experience in IT security with at least 4 years on Cisco WSA (L3 level).

• Strong expertise in:

• Web Security Appliance (WSA) administration and troubleshooting

• URL filtering, DLP, malware scanning, HTTPS decryption

• LDAP/AD integration, user/group-based policy enforcement

• Good understanding of network protocols (HTTP, HTTPS, DNS, TCP/IP).

• Familiar with email security (ESA) is a plus.

• Experience with proxy bypasses, PAC files, and O365 integrations.

• Knowledge of security frameworks and compliance standards (ISO 27001, NIST, GDPR, etc.).

• Proficient in ITIL processes (Incident, Problem, Change management).

• Ability to analyze logs, packet captures, and proxy reports for troubleshooting.

• Vendor certification preferred (e.g., CCNP Security, Cisco Web Security Specialist).

Soft Skills:

• Strong analytical and troubleshooting skills.

• Excellent communication and documentation abilities.

• Ability to work independently and in a team under high-pressure situations.

• Proactive and continuous learning mindset.

Education:

• Bachelor s degree in Computer Science, IT, or related field.

Relevant security/network certifications preferred