ArcSight Solution Architect

8 - 13 years

9 - 13 Lacs

Posted: 16 hours ago | Platform: Foundit

Work Mode: On-site

Job Type: Full Time

Job Description

What You Will Do: Key Responsibilities

  • Analyse and understand new log source formats (syslog, flat files, APIs, JSON etc.) to enable comprehensive data ingestion.
  • Design and develop custom Flex Connectors, including robust support for JSON and non-standard log formats, and deploy these ArcSight Flex Connectors for custom log source integration.
  • Lead parser creation and tuning for a wide range of log sources and security technologies, ensuring accurate data normalization.
  • Collaborate with the SOC (Security Operations Center) and threat intelligence teams to build effective detection use cases and correlation rules aligned with the MITRE ATT&CK framework.
  • Integrate ArcSight with SOAR (Security Orchestration, Automation, and Response) platforms for automated incident response, leveraging Python scripting for seamless orchestration.
  • Conduct feasibility analysis for new integrations and support the complete parser deployment lifecycle.
  • Review parser performance, log quality, EPS (Events Per Second) optimization, and correlation tuning to ensure the efficiency and effectiveness of the SIEM.
  • Document architecture, parser specifications, playbooks, and integration workflows to maintain clear operational guidelines.
  • Lead implementation projects, including the installation, configuration, and tuning of ArcSight ESM (Enterprise Security Manager), Logger, and Smart Connectors.
  • Work closely with security operations and infrastructure teams to integrate log sources and develop relevant use cases.
  • Perform infrastructure sizing, health checks, and system performance tuning for ArcSight components.
  • Develop and maintain comprehensive documentation including solution design, implementation guides, and Standard Operating Procedures (SOPs).
  • Provide subject matter expertise during Proof of Concepts (POCs) and ongoing implementation support.
  • Architect and implement end-to-end SIEM solutions using ArcSight components (ESM, SmartConnectors, Thub, Recon).

Required Qualifications

  • Bachelor's degree in Computer Science/Information Technology or a similar field.
  • Extensive experience in cybersecurity with significant experience in ArcSight solution design and deployment.
  • Familiarity with regular expressions (regex) for parsing custom logs.
  • Experience with log onboarding, parsing, and normalization processes.
  • Strong skills in log analysis.
  • Understanding of cloud environments (GCP) and Kubernetes & Docker technologies.
  • Experience with the integration of different types of log sources.
  • Solid understanding of CEF (Common Event Format), ArcSight Event Schema and Field Mapping, and Device/Product Event Categorization.
  • Knowledge of Linux/Unix systems and basic scripting.
  • Experience with ArcSight content development: rules, correlation, dashboards, reports.
  • Familiarity with ArcSight upgrades and migration planning.
  • Strong understanding of log management, threat detection, and SOC workflows.
  • Knowledge of related tools and platforms such as SIEM, SOAR, firewalls, IDS/IPS, and endpoint security.
  • Scripting knowledge (e.g., Python, Shell) for automation and data parsing.
  • Excellent communication and stakeholder management skills.
  • Hands-on experience in leading parser development, customization, and tuning for various log sources and third-party security technologies.
  • Skilled in performing feasibility analysis and POCs for new log source integrations and managing the complete parser deployment lifecycle.

Cradlepoint

Networking and Telecommunications

Boise
