Working in a 24x7 Security Operations Center.Monitoring the customer network using ArcSight SIEM.Act as first level support for all Security Issues.Analyzing Realtime security incidents and checking whether its true positive or false positive.Performing Real-Time Monitoring, Investigation, Analysis, Reporting and Escalations of Security Events from Multiple log sources.Raising true positive incidents to the respective team for further action.Creating tickets on service now and assigning it to the respective team and taking the follow-up until closer to security incidents by doing in-depth analysis of event payload, providing recommendations regarding security incidents mitigation which in turn makes the customer business safe and secure.Contacting the customers directly in case of high priority incidents and helping the customer in the process of mitigating the attacks.Determine the scope of security incident and its potential impact to Client network; recommend steps to handle the security incident with all information and supporting evidence of security events.Monitoring security systems and networks for anomaliesWork closely with business units to ensure that they know what and how to feed data into the Arcsight SIEMCo-ordinate with networking teams to maintain and establish communication to remote Arcsight ConnectorsInvestigate malicious phishing emails, domains, and IPs using Open-Source tools and recommend proper blocking based on analysisInstalling ArcSight ConnectorsUpgradation of ArcSight ConnectorsIntegration of new devices with ArcSight such as Windows, Linux, CISCO Firewall, Routers, Switches etc.Doing the troubleshooting if any device is not sending the logs to the ArcSight.Creation of ArcSight content like Correlation Rules, Query, Report, Dashboards etc.Troubleshooting SIEM dashboard issues when there are no reports getting generated or no data available.