Principal Security Architect

About Providence

Providence, one of the US's largest not-for-profit healthcare systems, is committed to high quality, compassionate healthcare for all. Driven by the belief that health is a human right and the vision, 'Health for a better world', Providence and its 121,000 caregivers strive to provide everyone access to affordable quality care and services.

Providence has a network of 51 hospitals, 1,000+ care clinics, senior services, supportive housing, and other health and educational services in the US.

Providence India is bringing to fruition the transformational shift of the healthcare ecosystem to Health 2.0. The India center will have focused efforts around healthcare technology and innovation, and play a vital role in driving digital transformation of health systems for improved patient outcomes and experiences, caregiver efficiency, and running the business of Providence at scale.

Why Us?

• Best In-class Benefits
• Inclusive Leadership
• Reimagining Healthcare
• Competitive Pay
• Supportive Reporting Relation

Cybersecurity at Providence is responsible for appropriately protecting all information relating to its caregivers and affiliates, as well as protecting its confidential business information (including information relating to its caregivers, affiliates, and patients)

What will you be responsible for?

• Lead the design and implementation of data ingestion from diverse sources, various mechanisms for integration and normalization of logs.
• Extension of pre-built UDMs in and creation of custom parsers where required for log sources.
• Integration of SIEM with other security capabilities and tools such as SOAR, EDR, threat intelligence platform, and ticketing systems.
• Write custom actions, scripts and/or integrations to extend SIEM platform functionality.
• Monitor performance and perform timely actions to scale SIEM deployment, especially in a very high-volume security environment.
• Testing and deployment of newly created and migrated assets such as rules, playbooks, alerts, dashboards etc.
• Lead and oversee deployment, operation, and maintenance of the global EDR platform.

What would your work week look like?

• Design and implement solutions to handle alert fatigue encountered in SIEM correlation.
• Guide on building or maturing cloud security programs and the implementation of tools and approaches used for improving cloud security.
• Debug and solve issues in ingestion, parsing, normalization of data etc.
• Develop custom queries, detection rules, workbooks, and automation playbooks to improve threat detection and response efficiency.
• Collaborate with threat analysts and incident response teams to triage, investigate, and respond to security alerts and incidents.
• Provide technical guidance in security best practices, incident response procedures, and threat hunting using security tools.
• Coordinate with service delivery managers, management, engineering, maintenance, and operational support teams to ensure timely delivery.
• Create and maintain documentation for SIEM & EDR configurations, procedures, and playbooks.
• Provide support response to other security teams in respect to the EDR platform.

Who are we looking for?

• Bachelor s degree in related filed, to include computer science, or equivalent combination of education and experience.
• 8+ years' experience in leading projects and delivering technical solutions related to security.
• Experience architecting, developing, or maintaining SIEM and SOAR platforms & secure Cloud solutions.
• Strong understanding of SIEM & EDR solutions such as Splunk, Crowdstrike, LogRhythm and Sentinel.
• Good understanding of log collection methodologies and aggregation techniques such as Syslog-NG, syslog, Nxlog, Windows Event Forwarding.
• Good understanding of MITRE ATT&CK framework, kill chains and other attack models.
• Proficiency in scripting languages (e.g., Python, PowerShell) for automation purposes.
• Strong verbal and written communication skills and the ability to develop high-quality.
• Relevant certifications (e.g., CISSP, CCNP Security) are a plus.

Providence's vision to create 'Health for a Better World' aids us to provide a fair and equitable workplace for all in our employment, whether temporary, part-time or full time, and to promote individuality and diversity of thought and background, and acknowledge its role in the organization's success. This makes us committed towards equal employment opportunities, regardless of race, religion or belief, color, ancestry, disability, marital status, gender, sexual orientation, age, nationality, ethnic origin, pregnancy, or related needs, mental or sensory disability, HIV Status, or any other category protected by applicable law. In furtherance to our mission in building a more inclusive and equitable environment, we shall, from time to time, undertake programs to assist, uplift and empower underrepresented groups including but not limited to Women, PWD (Persons with Disabilities), LGTBQ+ (Lesbian, Gay, Transgender, Bisexual or Queer), Veterans and others. We strive to address all forms of discrimination or harassment and provide a safe and confidential process to report any misconduct.

Contact our Integrity hotline also, read our Code of Conduct.