ArcSight SIEM Administrator

Role- ArcSight SIEM Administrator
Location- Remote
Contract Position

Responsibilities

SIEM Administration & Maintenance
Install, configure, and maintain ArcSight components (ESM, Logger, SmartConnectors, Console, ArcMC).
Manage ArcSight SmartConnectors: deployment, configuration, upgrades, and health monitoring.
Perform system upgrades, patch management, and daily operational checks.
Monitoring & Incident Handling
Monitor ArcSight infrastructure availability, performance, and event flow.
Troubleshoot connector failures, parsing issues, and event ingestion delays.
Collaborate with SOC teams for incident triage and investigation support.
Log Management & Onboarding
Onboard new log sources into ArcSight including parser tuning and validation.
Ensure log integrity, normalization, and enrichment.
Maintain log retention policies and compliance requirements
Rule, Dashboard, and Report Management
Create and optimize correlation rules, filters, queries, and dashboards.
Develop and maintain automated reports and alerts for security monitoring.
Perform rule tuning to minimize false positives and improve detection accuracy.
Performance & Optimization
Monitor system performance and capacity utilization.
Fine-tune configurations for scalability and efficiency.
Conduct root cause analysis for recurring system or connector issues.
Security & Compliance
Ensure ArcSight environment aligns with security best practices and audit requirements.
Support compliance use cases (ISO, PCI-DSS, HIPAA, SOC2, etc.).
Maintain proper access controls and segregation of duties.
Maintain SOPs, architecture diagrams, and operational runbooks.
Provide knowledge transfer sessions to SOC analysts and team members

Education: At least a bachelor s degree (or equivalent experience) in Computer Science, Software/Electronics Engineering, Information Systems, or a closely related field is required for the project