Torchora
Back to Home

Key Responsibilities and Required Skills for Blue Coat Proxy Engineer

💰 $95,000 - $155,000

Network SecuritySecure Web GatewayBlue CoatProxySGIT Operations

🎯 Role Definition

We are seeking an experienced Blue Coat Proxy Engineer (ProxySG / Secure Web Gateway Specialist) to design, deploy, tune, and support enterprise-grade web proxy infrastructure. The ideal candidate will have deep hands-on experience with Blue Coat (Symantec/Broadcom) ProxySG appliances and management consoles, strong HTTP/HTTPS and SSL/TLS expertise, and the ability to collaborate across networking, security, and application teams to secure and optimize web traffic. This role requires a problem-solver who can lead proxy architecture, policy design, integrations (AD/LDAP, ICAP, DLP, SIEM), and support 24x7 production environments while documenting and automating operational tasks.

Keywords: Blue Coat, ProxySG, Secure Web Gateway, SSL inspection, HTTPS decryption, PAC/WPAD, ICAP, Blue Coat Management Center (BCMC), Blue Coat Reporter, Proxy policies, Proxy clustering, web proxy engineer.

📈 Career Progression

Typical Career Path

Entry Point From:

  • Network Engineer with proxy or firewall experience
  • Security Operations Engineer (SOC / Proxy support)
  • Systems Engineer with HTTP/SSL operational background

Advancement To:

  • Senior Network Security Engineer / Secure Web Gateway Architect
  • Network Security Architect / Cloud Security Architect
  • Technical Lead or Manager — Network & Security Infrastructure

Lateral Moves:

  • Cloud Network Engineer (proxy and proxy-as-a-service)
  • DLP / Data Protection Engineer
  • SIEM / Security Analytics Engineer

Core Responsibilities

Primary Functions

  • Design, implement, and maintain Blue Coat ProxySG (physical and virtual) appliances and virtual instances, ensuring secure and highly available deployments across on-premises and cloud environments.
  • Configure and manage Blue Coat policy objects, web filtering and URL categorization, content adaptation, and application control to enforce corporate acceptable use and threat mitigation policies.
  • Implement and maintain SSL/TLS interception (HTTPS decryption) flows on ProxySG devices including certificate lifecycle management, certificate profiling, SNI handling, OCSP/CRL validation and compatibility with TLS 1.2/1.3.
  • Integrate ProxySG with Active Directory/LDAP for authentication and SSO (NTLM, Kerberos, passthrough), ensuring correct user mapping, delegation, and secure credential flows for policy enforcement.
  • Configure and operate Blue Coat Management Center (BCMC) and Blue Coat Reporter for centralized configuration, logging, reporting, trending, policy audits and capacity planning.
  • Design and operate ProxySG high-availability clusters, load balancing, proxy chaining, WCCP and L7 routing policies for resilient, scalable web proxy infrastructure.
  • Integrate ProxySG with ICAP and third-party content scanning servers (antivirus, DLP, malware sandboxing) to enable inline content inspection and enforcement workflows.
  • Tune cache settings, proxy performance profiles, refresh logic and content adaptation rules to optimize latency, bandwidth usage and user experience.
  • Create, test and maintain PAC files, WPAD configurations and client proxy auto-configurations for appropriate client routing and failover behavior.
  • Perform deep troubleshooting of HTTP/HTTPS flows using packet captures, tcpdump, SSL key analysis, Wireshark, and proxy logs to resolve complex user and application access issues.
  • Execute firmware upgrades, security patching, vulnerability remediation and lifecycle management for ProxySG appliances and virtual instances with minimal service disruption.
  • Maintain and extend authentication and authorization integrations (RADIUS, SAML, OAuth, LDAP) for specialized application access and reporting requirements.
  • Develop and maintain automation scripts and tools using Python, Bash, or REST APIs to automate configuration drift detection, bulk policy deployments and reporting tasks.
  • Integrate proxy logs and meta-data with SIEM solutions (e.g., Splunk) using syslog/CEF/JSON, develop parsers and dashboards for security monitoring, incident detection and forensics.
  • Establish enterprise runbooks, standard operating procedures, configuration baselines and change control practices specific to ProxySG management and policy changes.
  • Provide 24x7 on-call rotation support for proxy incidents and escalations; coordinate cross-functional incident response with NOC, SOC, and application owners.
  • Lead proxy migration and consolidation projects (e.g., replacing legacy proxies, migrating to ProxySG virtual appliances or cloud gateway solutions) with clear migration plans, testing and rollback strategies.
  • Support reverse proxy and secure publishing for internal web applications where ProxySG is used as an application gateway or SSL termination point.
  • Conduct periodic security hardening, configuration audits and compliance checks (PCI, HIPAA, internal policies) for proxy infrastructure and associated logging.
  • Work with application teams to onboard new applications through the proxy, define exceptions, and apply precise policy rules to minimize business disruption while protecting users.
  • Monitor health and capacity of proxy clusters via SNMP, NetFlow, and management API metrics; plan for capacity growth and cost optimization.
  • Provide training, documentation and knowledge transfer for Tier 1/Tier 2 support teams on ProxySG operations, policy creation, and troubleshooting.
  • Evaluate emerging Secure Web Gateway features, CASB integration points, cloud proxy offerings and propose roadmap improvements for web security posture.
  • Maintain an inventory of SSL certificates and keys used in interception and application publishing; coordinate renewals and certificate authority management.
  • Collaborate with network engineering to design WCCP, routing and NAT strategies that align proxy placement with traffic flows, cloud on-ramps and edge services.

Secondary Functions

  • Create and maintain detailed operational documentation, diagrams and runbooks for proxy architecture, failover scenarios and rollback plans.
  • Support audits and provide evidence for compliance reviews including proxy logs, policy change histories and access control mappings.
  • Support capacity planning and budgeting exercises for proxy infrastructure lifecycle and replacement cycles.
  • Participate in security tabletop exercises and penetration testing remediation for web gateway configurations.
  • Assist in vendor evaluation, RFP responses and proof-of-concept testing for alternative proxy or secure web gateway solutions.
  • Collaborate with cloud architects to design proxy strategies for hybrid workloads, ensuring secure, consistent policy enforcement for SaaS and IaaS workloads.
  • Mentor junior team members on web proxy concepts including HTTP headers, caching semantics, and SSL/TLS flows.
  • Participate in cross-functional change advisory board (CAB) meetings to review and authorize proxy-related changes.
  • Implement telemetry and observability improvements to provide richer analytics from proxy events for machine learning and automation pipelines.
  • Support ad hoc business requests for white-listing, traffic exceptions, and short-term bypasses while ensuring proper justification and expiry.

Required Skills & Competencies

Hard Skills (Technical)

  • Deep hands-on experience with Blue Coat / Symantec / Broadcom ProxySG appliances and Blue Coat Management Center (BCMC).
  • Strong knowledge of HTTP/HTTPS internals, headers, cookies, caching semantics and proxy behavior.
  • Expertise in SSL/TLS interception (HTTPS decryption), certificate management, PKI integration and TLS debugging.
  • Experience configuring and managing authentication integrations (Active Directory/LDAP, Kerberos, NTLM, SAML).
  • Experience with ICAP integration and content adaptation workflows; familiarity with DLP and antivirus inline scanning.
  • Proven ability to design and operate HA clustering, load balancing and WCCP integration for proxies.
  • Log management and SIEM integration skills (Splunk, ELK) — syslog, CEF, JSON formats and parsers.
  • Proficiency with packet capture tools and protocol analysis using Wireshark, tcpdump, and proxy trace logs.
  • Scripting and automation skills (Python, Bash, PowerShell) and familiarity with REST APIs for management automation.
  • Networking fundamentals: TCP/IP, routing, NAT, VLANs, DNS and experience coordinating with network vendors.
  • Experience with virtualized proxy deployments (VMware, KVM) and cloud deployments (AWS, Azure) for proxy/secure web gateway.
  • Familiarity with PAC/WPAD scripting and browser proxy configuration management.
  • Experience maintaining proxy upgrade cycles, firmware patching, and appliance lifecycle management.
  • Familiarity with regulatory/compliance frameworks (PCI, HIPAA, SOC2) as they relate to web proxy logging and retention.
  • Troubleshooting and incident response skills with documented troubleshooting methodologies and runbooks.

Soft Skills

  • Strong communication skills: explain technical tradeoffs to non-technical stakeholders and write clear runbooks and reports.
  • Collaborative mindset: work effectively across networking, security, application and cloud teams.
  • Problem-solving under pressure: effective decision-making during production incidents and escalations.
  • Project management and organization: plan migrations, upgrades and maintenance windows with minimal business impact.
  • Mentoring and knowledge transfer: train junior engineers and improve team capabilities.
  • Attention to detail for policy rule design, certificate management and compliance evidence.

Education & Experience

Educational Background

Minimum Education:

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or equivalent practical experience.

Preferred Education:

  • Bachelor’s or Master’s degree in a technical field; industry certifications such as CCNP, CISSP, GIAC, or vendor-specific networking/security certs are a plus.

Relevant Fields of Study:

  • Computer Science
  • Information Security / Cybersecurity
  • Network Engineering
  • Systems Engineering

Experience Requirements

Typical Experience Range: 3–7 years of hands-on experience managing web proxy or secure web gateway infrastructure; at least 3 years specifically with Blue Coat / ProxySG strongly preferred.

Preferred:

  • 5+ years of enterprise proxy/secure web gateway experience including SSL/TLS interception, policy design, HA clustering and ICAP/DLP integrations.
  • Experience in hybrid environments (on-prem + cloud) and supporting SaaS applications through proxy solutions.
  • Demonstrated experience with automation, SIEM integration and cross-functional incident leadership.

If you need this tailored to a specific seniority level (Junior, Senior, Lead) or to include interview questions, KPIs or an ATS-optimized summary, tell me which focus and I’ll adapt the job specification.

Explore More Careers