Lead Administrator (Support & Operations)
India
Job Description
Lead Administrator (Support & Operations)
Chennai, Tamil Nadu

Job Summary

Job Description:

1. ArcSight Platform Administration

Install, configure, and maintain ArcSight ESM components
Perform system upgrades, patching, and routine health checks
Manage ArcSight architecture including:
  ESM Console
  CORR Engine
  Event Processing components
Ensure platform stability, availability, and compliance with operational standards

2. Log & Event Management

Onboard and integrate log sources such as:
  Network devices (firewalls, routers)
  Servers (Windows/Linux)
  Applications and cloud platforms
Configure and manage SmartConnectors (Syslog, Database, API, File-based, etc.)
Ensure reliable log ingestion, normalization, and parsing
Monitor log flow to prevent data loss and ensure completeness

3. Use Case & Rule Management

Develop and optimize correlation rules, alerts, and filters
Perform rule tuning to minimize false positives and improve detection accuracy
Implement security use cases aligned with MITRE ATT&CK / Cyber Kill Chain
Support the SOC team by enhancing detection capabilities and incident visibility

4. Monitoring & Performance Management

Monitor SIEM platform health:
  CPU, memory, storage utilization
  Events Per Second (EPS) handling
Troubleshoot:
  Log ingestion delays
  Connector failures
  Event drops or parsing issues
Optimize CORR Engine performance and storage utilization
Ensure high system performance and scalability

SENTINEL:

Log Management & Integration

Onboard data sources:
  Azure (Azure AD, Defender, Activity Logs)
  M365 (Defender, Exchange, SharePoint)
  On-prem & 3rd party (via Syslog, CEF, Agents)
Configure Data Connectors and Data Collection Rules (DCRs)
Ensure reliable log ingestion and retention policies

Automation & SOAR

Develop Playbooks using Azure Logic Apps
Automate incident response workflows (email, ticketing, containment)
Integrate with tools like ServiceNow, Teams, Defender

Querying & Hunting

Develop and optimize KQL (Kusto Query Language) queries
Perform threat hunting using Sentinel Workbooks
Create custom dashboards for visibility
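The log-onboarding and log-flow duties listed above (CEF events arriving through syslog connectors, ingestion delays, event drops, parsing issues) in working form, as an added example that is not part of the posting and is not HCLTech's or ArcSight's code: a small Python CEF parser that handles the escaped pipes and equals signs the format allows, plus a per-source silence check that flags feeds that have stopped arriving and counts lines the SIEM would fail to parse. The host names, timestamps and event contents in SAMPLE_EVENTS are constructed for the example; the 15-minute silence threshold is an assumed value, not one from the posting.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample input, "<receive-time> <reporting-host> <CEF body>" per
# line, in the shape a syslog/CEF connector would hand to the SIEM. Made up
# for this example; not real device output.
SAMPLE_EVENTS = [
    "2024-05-01T10:00:00Z fw01 CEF:0|Acme|Firewall|2.1|100|Connection denied|5|"
    "src=10.1.1.5 dst=10.2.2.9 dpt=445 msg=policy\\=deny rule\\=42",
    "2024-05-01T10:02:30Z fw01 CEF:0|Acme|Firewall|2.1|100|Connection denied|5|"
    "src=10.1.1.7 dst=10.2.2.9 dpt=22",
    "2024-05-01T10:05:00Z ad01 CEF:0|Microsoft|Windows|10|4625|"
    "An account failed to log on|6|suser=jdoe shost=WS42 msg=bad password",
    "2024-05-01T10:06:00Z web01 CEF:0|Acme|Web\\|Proxy|3.0|200|URL blocked|3|"
    "suser=jdoe request=http://example.invalid/?a\\=1",
    "2024-05-01T10:07:00Z web01 this line is not CEF at all",
    "2024-05-01T10:30:00Z fw01 CEF:0|Acme|Firewall|2.1|100|Connection denied|5|"
    "src=10.1.1.9 dst=10.2.2.9 dpt=3389",
]

# Assumed "current time" for the report, chosen to sit after the sample events.
REPORT_NOW = datetime(2024, 5, 1, 10, 35, tzinfo=timezone.utc)

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
_UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")          # header delimiter
_EXT_BOUNDARY = re.compile(r" (?=[A-Za-z0-9_.]+=)")  # space before next key=
_LINE = re.compile(r"^(\S+) (\S+) (.*)$")


def _unescape(value):
    # CEF escapes backslash, pipe (header) and equals (extension) with "\".
    return re.sub(r"\\([\\|=])", r"\1", value)


def parse_cef(body):
    """Parse one CEF record into its seven header fields plus an extension dict."""
    if not body.startswith("CEF:"):
        raise ValueError("not a CEF record")
    parts = _UNESCAPED_PIPE.split(body[len("CEF:"):], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("CEF header needs 7 pipe-delimited fields")
    event = {k: _unescape(v) for k, v in zip(HEADER_FIELDS, parts[:7])}
    sev = event["severity"]
    event["severity"] = int(sev) if sev.isdigit() else sev  # CEF allows words too
    extension = {}
    ext = parts[7].strip()
    if ext:
        # Values may contain spaces, so split only on a space that starts a new key.
        for pair in _EXT_BOUNDARY.split(ext):
            key, _, value = pair.partition("=")
            extension[key] = _unescape(value)
    event["extension"] = extension
    return event


def parse_line(line):
    """Split a collected line into (received_at, reporting_host, parsed event)."""
    m = _LINE.match(line)
    if not m:
        raise ValueError("missing receive-time/host prefix")
    received = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
    return received, m.group(2), parse_cef(m.group(3))


def check_log_flow(lines, now, max_silence=timedelta(minutes=15)):
    """Per-source health: event counts, last event seen, silent sources, parse failures.

    A source that parsed fine earlier but has sent nothing for max_silence is the
    usual sign of a dead connector or a filtered feed; malformed lines are the
    events the SIEM would drop or leave unparsed.
    """
    last_seen, counts, malformed = {}, defaultdict(int), []
    for line in lines:
        try:
            received, host, _event = parse_line(line)
        except ValueError as exc:
            malformed.append((line, str(exc)))
            continue
        counts[host] += 1
        if host not in last_seen or received > last_seen[host]:
            last_seen[host] = received
    silent = sorted(h for h, seen in last_seen.items() if now - seen > max_silence)
    return {"events_per_source": dict(counts), "last_seen": last_seen,
            "silent_sources": silent, "malformed": malformed}


if __name__ == "__main__":
    report = check_log_flow(SAMPLE_EVENTS, REPORT_NOW)
    for host, seen in sorted(report["last_seen"].items()):
        print(f"{host}: {report['events_per_source'][host]} events, last {seen.isoformat()}")
    print("silent sources:", report["silent_sources"])
    print("malformed lines:", len(report["malformed"]))
```

Run against the constructed input, fw01 is healthy (last event five minutes before REPORT_NOW), ad01 and web01 are reported silent, and the non-CEF line from web01 is counted as malformed rather than silently discarded. Splitting the header on unescaped pipes only, and the extension on a space that precedes a `key=` token, is what keeps `Web\|Proxy` and `msg=policy\=deny rule\=42` intact; a naive `split("|")` or `split(" ")` would mis-parse both.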

Skill Requirements

Skill Requirement:

Strong experience in ArcSight ESM administration
Hands-on with SmartConnectors configuration and troubleshooting
Knowledge of SIEM architecture and log management concepts
Experience with security frameworks (MITRE ATT&CK, Kill Chain)
Proficiency in Linux/Unix systems
Understanding of network protocols, firewalls, and security logs
Strong troubleshooting and analytical skills

Other Requirements

Other Requirement:

Experience in other SIEM tools (Splunk, QRadar, Sentinel)
Scripting knowledge (Shell/Python)
Exposure to cloud security monitoring (Azure/AWS logs)
ArcSight certification (preferred)

Why HCLTech?

At HCLTech, you'll supercharge your potential. You'll find your career. And you'll find your spark. All at a place that knows that helping its customers stay on top starts by putting its people first.

HCLTech is a global technology company, home to more than 226,300 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services. Consolidated revenues as of 12 months ending December 2025 totaled $14.5 billion.

Benefits

At HCLTech, we believe in empowering our employees with comprehensive benefits that support their professional growth and enhance their well-being. When you sign up for a career with us, you gain access to:

Industry-benchmarked compensation
Best-in-class healthcare benefits
Personal time off
Maternity and paternity benefits
Access to skills / higher education programs/resources
Discounts on products and services via Benefit Box
Participate in CSR programs and live life with a purpose
Opportunities to grow and advance your career

Note: The benefits listed above vary depending on the nature of your employment and the country where you work. Some benefits may be available in some countries but not in all.