Senior SIEM

Company DescriptionSkillmine Technology is a global technology consulting and services company dedicated to helping businesses evolve, remain competitive, and prepare for the future. Our areas of expertise include Digital Transformation & Automation, Cybersecurity & Risk Management, AI/ML & Advanced Analytics, Cloud & Infrastructure Services, IT Managed Services, and IT Capability & Support. Operating across India, the Middle East, the UK, and the USA, we combine strategic insight with execution to deliver business agility and drive innovation. With a focus on outcome-based solutions and customer success, we strive to transform businesses and create lasting value.Experience Required: Minimum 5+ yearsLocation: DelhiRole: Security Operations / CybersecurityShift: 24x7 / Global On-call SupportJob SummaryWe are seeking a highly skilled Senior SIEM (ArcSight) Engineer with a minimum of 5 years of hands-on experience to manage and support our global Security Information and Event Management (SIEM) environment. The ideal candidate will be responsible for designing, maintaining, optimizing, and scaling our ArcSight-based SIEM platform to ensure maximum detection capability, reliability, and security visibility across the organization.Key ResponsibilitiesSIEM Administration & EngineeringManage and maintain the global ArcSight SIEM platform including ESM, Logger, SmartConnectors, and SOAR integrations.Perform daily health checks, tuning, troubleshooting, and system optimization.Monitor connector performance, log flow, parser updates, and event normalization.Use Case Development & Threat DetectionDevelop, enhance, and maintain security detection rules, correlation logic, and dashboards.Work with SOC analysts to fine-tune rules, reduce false positives, and improve detection fidelity.Translate emerging threats, TTPs, and business risks into actionable SIEM use cases.Log Onboarding & IntegrationOnboard new log sources from global environments including on-prem, cloud (AWS/Azure/GCP), network, and applications.Work with infrastructure and application teams to ensure accurate log collection, formatting, and ingestion.Create and update parsers, flex connectors, and field mappings as required.System Scaling & PerformanceMaintain high availability, performance tuning, and capacity planning for SIEM infrastructure.Participate in SIEM upgrades, patching, and architecture improvements.Compliance & ReportingSupport security audits, compliance initiatives (ISO, SOC2, PCI, etc.) and incident investigations.Generate custom dashboards, executive reports, and operational metrics.Collaboration & SupportWork closely with the global SOC, threat intelligence, incident response, and infrastructure teams.Provide Level 3 engineering support for escalated SIEM issues.Offer guidance and mentorship to junior team members.Required Qualifications & Skills5+ years of experience working with ArcSight SIEM (ESM, Logger, SmartConnectors).Strong knowledge of SIEM architecture, log ingestion pipelines, event parsing, and correlation rules.Hands-on experience with Linux, scripting (Python, Bash, PowerShell), and SQL.Solid understanding of security operations, incident response, threat detection, and MITRE ATT&CK framework.Experience onboarding various log sources (firewalls, endpoints, applications, servers, cloud platforms).Familiarity with regex, parser creation, and custom connector development.Ability to analyze complex technical issues and deliver effective solutions.Strong communication skills and ability to work in a global, distributed environment.Preferred QualificationsArcSight certifications (ACE, ACS, etc.).Experience with SOAR platforms, UEBA, or threat intelligence tools.Knowledge of cloud-native SIEM or logging tools (e.g., Sentinel, Splunk, Chronicle, QRadar).Experience with automation and orchestration (Python, REST APIs).Background in cybersecurity frameworks (NIST, MITRE, CIS).Btech/MSCit/MCA