Apply now »

Lead Cybersecurity Engineer

About Providence

Providence, one of the US’s largest not-for-profit healthcare systems, is committed to high quality, compassionate healthcare for all. Driven by the belief that health is a human right and the vision, ‘Health for a better world’, Providence and its 121,000 caregivers strive to provide everyone access to affordable quality care and services.

Providence has a network of 51 hospitals, 1,000+ care clinics, senior services, supportive housing, and other health and educational services in the US.

Providence India is bringing to fruition the transformational shift of the healthcare ecosystem to Health 2.0. The India center will have focused efforts around healthcare technology and innovation, and play a vital role in driving digital transformation of health systems for improved patient outcomes and experiences, caregiver efficiency, and running the business of Providence at scale.


Why Us?

  • Best In-class Benefits
  • Inclusive Leadership
  • Reimagining Healthcare
  • Competitive Pay
  • Supportive Reporting Relation

Job Description – SIEM Lead Engineer

Role Overview

The SIEM Lead Engineer is responsible for leading the design, development, and optimization of SIEM alerting, enrichment, and monitoring capabilities using Splunk. This role focuses on improving alert fidelity, contextual enrichment, detection engineering, and overall SOC effectiveness. The role acts as a technical lead and escalation point, working closely with SOC Analysts, Threat Detection, Security Engineering, and platform teams.

Key Responsibilities

  • Lead engineering and optimization of Splunk-based SIEM alerting and monitoring.
  • Design, develop, and tune correlation rules and detections to reduce false positives.
  • Own alert lifecycle management including creation, tuning, validation, and retirement.
  • Design and implement alert enrichment using IAM, CMDB, vulnerability, and threat intelligence sources.
  • Ensure alerts are enriched with user, asset, privilege, and business context.
  • Engineer and maintain Splunk data ingestion, normalization, and CIM compliance.
  • Support onboarding of log sources across endpoint, network, cloud, and identity platforms.
  • Develop detection use cases mapped to MITRE ATT&CK.
  • Act as L3 escalation for complex SIEM and detection issues.
  • Maintain SOPs, runbooks, and SIEM documentation.
  • Mentor SIEM engineers and provide technical guidance.

Required Skills & Experience

  • 5~8 years of experience in SIEM or security engineering roles.
  • Strong hands-on expertise with Splunk Enterprise / Splunk ES.
  • Proven experience in SIEM alert development, tuning, and enrichment.
  • Strong understanding of security telemetry across endpoint, network, cloud, and IAM.
  • Proficiency in SPL (Search Processing Language).
  • Experience with MITRE ATT&CK and SOC workflows.
  • Experience integrating SIEM with IAM, CMDB, vulnerability, and threat intel platforms.

Preferred Qualifications

  • Experience in regulated environments such as healthcare or financial services.
  • Exposure to SOAR platforms and automated response workflows.
  • Scripting experience using Python or PowerShell.
  • Relevant security or Splunk certifications.

Providence’s vision to create ‘Health for a Better World’ aids us to provide a fair and equitable workplace for all in our employment, whether temporary, part-time or full time, and to promote individuality and diversity of thought and background, and acknowledge its role in the organization’s success. This makes us committed towards equal employment opportunities, regardless of race, religion or belief, color, ancestry, disability, marital status, gender, sexual orientation, age, nationality, ethnic origin, pregnancy, or related needs, mental or sensory disability, HIV Status, or any other category protected by applicable law. In furtherance to our mission in building a more inclusive and equitable environment, we shall, from time to time, undertake programs to assist, uplift and empower underrepresented groups including but not limited to Women, PWD (Persons with Disabilities), LGTBQ+ (Lesbian, Gay, Transgender, Bisexual or Queer), Veterans and others. We strive to address all forms of discrimination or harassment and provide a safe and confidential process to report any misconduct.

Contact our Integrity hotline also, read our Code of Conduct.

Apply now »