ArcSight UEBA & SIEM Specialist

Job Description: ArcSight UEBA & SIEM Specialist

Job Level: L2 and L3

Role Overview

We are looking for an experienced ArcSight UEBA & SIEM Specialist to lead deployment, integration, and operationalization of the UEBA platform along with SIEM Admin. The role involves building advanced analytics models, integrating with enterprise security tools, and enabling SOC teams with dashboards, reporting, and training.

Key Responsibilities

Deploy and configure ArcSight UEBA platform & integrate with SIEM, SOAR, ServiceNow, IDAM, PAM, XDR, DNS, DHCP, etc.

Develop custom UEBA models for insider threat, compromised accounts, privilege escalation, data exfiltration, lateral movement, service account abuse, and high-risk asset monitoring.

Build SOC dashboards (Executive, Operational, Privileged Accounts, Data Exfiltration, Lateral Movement, Service Account Abuse, High-Risk Assets).

Configure automated playbooks linking UEBA detections to SOAR responses.

Conduct SIEM use-case/policy/rule reviews and recommend improvements aligned with best practices.

Provide documentation, runbooks, and training sessions for SOC analysts and administrators.

Qualifications

Hands-on experience with ArcSight UEBA, SIEM & SOAR or similar platforms.

Strong knowledge of UEBA, SIEM, SOAR, EDR, IDAM, PAM, XDR, DNS, DHCP.

Expertise in SOC operations, incident handling, and security analytics.

Excellent documentation and training skills.

Relevant certifications (ArcSight, CISSP, CISM, CEH) preferred.

Email - kirti.rustagi@raspl.com