Cradlepoint is seeking an experienced ArcSight Solution Architect to lead the design, implementation, and optimization of ArcSight-based security solutions. The ideal candidate will possess deep expertise in SIEM (Security Information and Event Management), with extensive hands-on experience in ArcSight architecture, deployment, and integration with various log sources and security tools. This role includes close collaboration with cloud engineering, security operations, and compliance teams to ensure end-to-end security visibility, particularly across the GCP environment.
What You Will Do: Key Responsibilities
- Analyse and understand new log source formats (syslog, flat files, APIs, JSON, etc.) to enable comprehensive data ingestion.
- Design, develop, and deploy custom ArcSight FlexConnectors for custom log source integration, including robust support for JSON and non-standard log formats.
- Lead parser creation and tuning for a wide range of log sources and security technologies, ensuring accurate data normalization.
- Collaborate with the SOC (Security Operations Center) and threat intelligence teams to build effective detection use cases and correlation rules aligned with the MITRE ATT&CK framework.
- Integrate ArcSight with SOAR (Security Orchestration, Automation, and Response) platforms for automated incident response, leveraging Python scripting for seamless orchestration.
- Conduct feasibility analysis for new integrations and support the complete parser deployment lifecycle.
- Review parser performance, log quality, EPS (Events Per Second) optimization, and correlation tuning to ensure the efficiency and effectiveness of the SIEM.
- Document architecture, parser specifications, playbooks, and integration workflows to maintain clear operational guidelines.
- Lead implementation projects, including the installation, configuration, and tuning of ArcSight ESM (Enterprise Security Manager), Logger, and Smart Connectors.
- Work closely with security operations and infrastructure teams to integrate log sources and develop relevant use cases.
- Perform infrastructure sizing, health checks, and system performance tuning for ArcSight components.
- Develop and maintain comprehensive documentation including solution design, implementation guides, and Standard Operating Procedures (SOPs).
- Provide subject matter expertise during Proof of Concepts (POCs) and ongoing implementation support.
- Architect and implement end-to-end SIEM solutions using ArcSight components (ESM, SmartConnectors, Transformation Hub, Recon).
Required Qualifications
- Bachelor's degree in Computer Science/Information Technology or a similar field.
- Extensive experience in cybersecurity with significant experience in ArcSight solution design and deployment.
- Familiarity with regular expressions (regex) for parsing custom logs.
- Experience with log onboarding, parsing, and normalization processes.
- Strong skills in log analysis.
- Understanding of cloud environments (GCP) and Kubernetes & Docker technologies.
- Experience with the integration of different types of log sources.
- Solid understanding of CEF (Common Event Format), ArcSight Event Schema and Field Mapping, and Device/Product Event Categorization.
- Knowledge of Linux/Unix systems and basic scripting.
- Experience with ArcSight content development: rules, correlation, dashboards, reports.
- Familiarity with ArcSight upgrades and migration planning.
- Strong understanding of log management, threat detection, and SOC workflows.
- Knowledge of related tools and platforms such as SIEM, SOAR, firewalls, IDS/IPS, and endpoint security.
- Scripting knowledge (e.g., Python, Shell) for automation and data parsing.
- Excellent communication and stakeholder management skills.
- Hands-on experience in leading parser development, customization, and tuning for various log sources and third-party security technologies.
- Skilled in performing feasibility analysis and POCs for new log source integrations and managing the complete parser deployment lifecycle.