Principal Security Engineer

About Providence

Providence, one of the US’s largest not-for-profit healthcare systems, is committed to high quality, compassionate healthcare for all. Driven by the belief that health is a human right and the vision, ‘Health for a better world’, Providence and its 121,000 caregivers strive to provide everyone access to affordable quality care and services.

Providence has a network of 51 hospitals, 1,000+ care clinics, senior services, supportive housing, and other health and educational services in the US.

Providence India is bringing to fruition the transformational shift of the healthcare ecosystem to Health 2.0. The India center will have focused efforts around healthcare technology and innovation, and play a vital role in driving digital transformation of health systems for improved patient outcomes and experiences, caregiver efficiency, and running the business of Providence at scale.


Why Us?

  • Best In-class Benefits
  • Inclusive Leadership
  • Reimagining Healthcare
  • Competitive Pay
  • Supportive Reporting Relation

What will you be responsible for?

  • Lead penetration testing, vulnerability assessments, and threat modeling activities against internal and external systems, applications, and infrastructure.
  • Define objectives and scope of penetration testing activities within an ethical and legal framework.
  • Design and execute comprehensive test plans covering functional, non-functional, and security aspects.
  • Develop and implement effective security testing methodologies and best practices, ensuring alignment with industry best practices and compliance requirements.
  • Identify, prioritize, and report security vulnerabilities: Analyze discovered vulnerabilities, assess their impact, and recommend effective remediation strategies.
  • Research, and evaluate current vulnerabilities, provide remediation and configuration guidance.
  • Develop and maintain automated test scripts using various testing frameworks and tools.
  • Collaborate with stakeholders to develop remediation strategies.
  • Foster a culture of learning and development within the team by sharing expertise.

 

 your work week look like?

  • Implementing frameworks like MITRE ATT&CK and PTES to design realistic attack scenarios and exploit complex vulnerabilities.
  • Identify, log, and report security flaws effectively, providing detailed steps to reproduce.
  • Conduct penetration tests against various systems and applications, including web applications, APIs, infrastructure, and cloud environments.
  • Conduct post-exploitation activities and assess potential consequences to product owners and stakeholders.
  • Prioritize vulnerabilities based on risk and recommend comprehensive remediation strategies.
  • Prepare and present security reports and findings to management and stakeholders.
  • Collaborating with developers, product owners, and stakeholders to communicate security findings, recommend remediation actions.
  • Maintain accurate and up-to-date documentation of Document testing procedures, findings, and recommendations.

 

Who are we looking for?

  • Bachelor’s degree in Computer Science, Information Security, or related field.
  • 12+ years of experience in security testing, with at least 6 years of experience with Penetration Testing.
  • Experience with industry-standard security testing tools and methodologies (e.g., Burp Suite, Metasploit, Kali Linux, OWASP, CWE, MITRE ATT&CK).
  • Experience working with GitHub, CI/CD technology, shift-left tools, and application security workflow.
  • Knowledge of relevant security standards and regulations (e.g., PCI DSS, HIPAA).
  • Strong scripting and programming skills (e.g., Python).
  • Experience with cloud security assessments (Azure).
  • Experience with red teaming and social engineering techniques.
  • Excellent communication, collaboration, and interpersonal skills.
  • Ability to work independently and take ownership of projects.
  • Additional certifications, such as CISSP, OSCP, or CEH, are a plus.

 

Providence’s vision to create ‘Health for a Better World’ aids us to provide a fair and equitable workplace for all in our employment, whether temporary, part-time or full time, and to promote individuality and diversity of thought and background, and acknowledge its role in the organization’s success. This makes us committed towards equal employment opportunities, regardless of race, religion or belief, color, ancestry, disability, marital status, gender, sexual orientation, age, nationality, ethnic origin, pregnancy, or related needs, mental or sensory disability, HIV Status, or any other category protected by applicable law. In furtherance to our mission in building a more inclusive and equitable environment, we shall, from time to time, undertake programs to assist, uplift and empower underrepresented groups including but not limited to Women, PWD (Persons with Disabilities), LGTBQ+ (Lesbian, Gay, Transgender, Bisexual or Queer), Veterans and others. We strive to address all forms of discrimination or harassment and provide a safe and confidential process to report any misconduct.

Contact our Integrity hotline also, read our Code of Conduct.