Chennai, Tamil Nadu
Job Summary
Job Description:

1. ArcSight Platform Administration
- Install, configure, and maintain ArcSight ESM components
- Perform system upgrades, patching, and routine health checks
- Manage ArcSight architecture including:
  - ESM Console
  - CORR Engine
  - Event Processing components
- Ensure platform stability, availability, and compliance with operational standards

2. Log & Event Management
- Onboard and integrate log sources such as:
  - Network devices (firewalls, routers)
  - Servers (Windows/Linux)
  - Applications and cloud platforms
- Configure and manage SmartConnectors (Syslog, Database, API, File-based, etc.)
- Ensure reliable log ingestion, normalization, and parsing
- Monitor log flow to prevent data loss and ensure completeness

3. Use Case & Rule Management
- Develop and optimize correlation rules, alerts, and filters
- Perform rule tuning to minimize false positives and improve detection accuracy
- Implement security use cases aligned with MITRE ATT&CK / Cyber Kill Chain
- Support SOC team by enhancing detection capabilities and incident visibility

4. Monitoring & Performance Management
- Monitor SIEM platform health:
  - CPU, memory, storage utilization
  - Events Per Second (EPS) handling
- Troubleshoot:
  - Log ingestion delays
  - Connector failures
  - Event drops or parsing issues
- Optimize CORR Engine performance and storage utilization
- Ensure high system performance and scalability

SENTINEL:

Log Management & Integration
- Onboard data sources:
  - Azure (Azure AD, Defender, Activity Logs)
  - M365 (Defender, Exchange, SharePoint)
  - On-prem & 3rd party (via Syslog, CEF, Agents)
- Configure Data Connectors and Data Collection Rules (DCRs)
- Ensure reliable log ingestion and retention policies

Automation & SOAR
- Develop Playbooks using Azure Logic Apps
- Automate incident response workflows (email, ticketing, containment)
- Integrate with tools like ServiceNow, Teams, Defender

Querying & Hunting
- Develop and optimize KQL (Kusto Query Language) queries
- Perform threat hunting using Sentinel Workbooks
- Create custom dashboards for visibility
Skill Requirements
Skill Requirement:
- Strong experience in ArcSight ESM administration
- Hands-on with SmartConnectors configuration and troubleshooting
- Knowledge of SIEM architecture and log management concepts
- Experience with security frameworks (MITRE ATT&CK, Kill Chain)
- Proficiency in Linux/Unix systems
- Understanding of network protocols, firewalls, and security logs
- Strong troubleshooting and analytical skills
Other Requirements
Other Requirement:
- Experience in other SIEM tools (Splunk, QRadar, Sentinel)
- Scripting knowledge (Shell/Python)
- Exposure to cloud security monitoring (Azure/AWS logs)
- ArcSight certification (preferred)