ArcSight Solution Architect

About this opportunity:

We are looking for an experienced ArcSight Solution Architect to lead the design, implementation, and optimization of ArcSight-based security solutions. The ideal candidate will have deep expertise in SIEM (Security Information and Event Management), with hands-on experience in ArcSight architecture, deployment, and integration with various log sources and security tools. The role also includes close collaboration with cloud engineering, security operations, and compliance teams to ensure end-to-end security visibility across the GCP environment.

What will you do:

Analyse and understand new log source formats (syslog, flat files, APIs, JSON etc.).
Design and develop custom Flex Connectors, including support for JSON and non-standard log formats & deploy ArcSight Flex Connectors for custom log source integration.
Lead parser creation and tuning for various log sources and security technologies.
Collaborate with the SOC and threat intel teams to build detection use cases and correlation rules aligned with MITRE ATT&CK.
Integrate ArcSight with SOAR platforms for automated response, leveraging Python scripting.
Conduct feasibility analysis for new integrations and support parser deployment lifecycle.
Review parser performance, log quality, EPS optimization, and correlation tuning.
Document architecture, parser specifications, playbooks, and integration workflows.
Lead implementation projects, including installation, configuration, and tuning of ArcSight ESM, Logger, and Smart Connectors.
Work closely with security operations and infrastructure teams to integrate log sources and develop use cases.
Perform infrastructure sizing, health checks, and system performance tuning.
Develop and maintain documentation including solution design, implementation guides, and SOPs.
Provide subject matter expertise during POCs, and implementation support.

The skills you bring:

Bachelor in CS/IT or similar
8+ years of experience in cybersecurity with at least 4+ years in ArcSight solution design and deployment.
Familiarity with regular expressions (regex) for parsing custom logs.
Experience with log onboarding, parsing, and normalization processes.
Log analysis (Analyst)
Understanding of cloud environment (GCP) & Kubernetes & docker technologies
Integration of different types of log sources
Solid understanding of - CEF (Common Event Format) ,ArcSight Event Schema and Field Mapping, Device/Product Event Categorization
Knowledge of Linux/Unix systems and basic scripting.
Experience with ArcSight content development: rules, correlation, dashboards, reports. And familiarity with ArcSight upgrades and migration planning.
Strong understanding of log management, threat detection, and SOC workflows.
Knowledge of related tools and platforms such as SIEM, SOAR, firewalls, IDS/IPS, endpoint security.
Scripting knowledge (e.g., Python, Shell) for automation and data parsing.
Excellent communication and stakeholder management skills.
Architect and implement end-to-end SIEM solutions using ArcSight 24(ESM, SmartConnectors, Thub, Recon).
Hands-on experience in leading parser development, customization, and tuning for various log sources and third-party security technologies.
Integrate ArcSight with SOAR platforms for automated response, leveraging Python scripting.
Skilled in performing feasibility analysis and POCs for new log source integrations and managing the complete parser deployment lifecycle.