Providence
Senior Principal Security Engineer IS, Cyber Threat Intelligence
Providence, Portland, Oregon, United States, 97204
Senior Principal Security Engineer IS, Cyber Threat Intelligence
Providence is seeking a Senior Principal Security Engineer with a threat hunting and cyber threat intelligence background. You will play a crucial role on the Cyber Threat Intelligence team and in our cybersecurity strategy, leveraging deep threat hunting expertise to lead CTI’s efforts in tracking, identifying, analyzing, and mitigating emerging threats targeting our healthcare infrastructure. You will also play a key role in articulating the threat landscape to senior leadership and in support of Providence’s Threat Detection and Response operations, informing risk and executive leadership decision‑making.
Hybrid Work Options Hybrid role with up to 65 miles commuting distance from any of our primary office locations listed below. Hybrid work involves a combination of in‑office and remote work each week, with the weekly schedule determined by the manager based on departmental needs.
Washington: Seattle, Redmond, Renton, Vancouver
California: Los Angeles, Irvine
Oregon: Portland
Essential Functions
Lead advanced threat hunting initiatives, developing frameworks and methodologies for the team’s hunting and detection efforts.
Foster a culture of learning and development within the team by sharing threat hunting expertise.
Communicate and document hunting methodologies and findings to aid in development of metrics, and present findings and insights to technical and non‑technical stakeholders, including executives, to enhance overall cyber threat and risk awareness.
Classify, categorize, and analyze malware and threats. Translate this into actionable detections using frameworks such as MITRE ATT&CK.
Monitor and assess the healthcare industry threat landscape, including adversaries and their targets, malware, TTPs, emerging threats, and trends that may impact the organization.
Perform root cause analysis and provide recommendations for proactive measures to help prevent cyber intrusions.
Collaborate with internal teams to provide timely and actionable intelligence, aligned with operational needs, that support CTI, CIRT, Attack Surface Management, and other cybersecurity initiatives.
Develop and maintain threat profiles with tactical intelligence to enhance detection engineering and threat hunting operations.
Monitor and assess emerging technologies, such as AI and machine learning capabilities to augment and enhance threat detection, triage, and analysis.
Continuously update and refine existing threat intelligence processes and methodologies to ensure the organization remains at the forefront of cyber defense.
Stay informed about the latest trends, tools, and techniques in the field of threat intelligence and incorporate best practices into daily operations.
Required Qualifications
Bachelor's Degree in Computer Engineering, Computer Science, Mathematics, Engineering — or a combination of equivalent education and experience.
Upon hire: CISSP, CISM, CEH, or equivalent.
10 or more years of related experience.
Experience performing in an Incident Commander role for cyber incidents and issues affecting business operations across the environment and driving resolution of those issues.
In-depth experience designing security controls and countermeasures for operating systems, databases, applications, Web services, user devices, and wireless networks.
Preferred Qualifications
Master's Degree in Computer Engineering, Computer Science, Mathematics, Engineering.
Experience in a Healthcare environment.
At least 10 years of experience in a dedicated threat hunting role.
Minimum of 5 years’ experience in a dedicated threat hunting role at the Principal or Senior Principal level, or an equivalent position.
Strong experience in malware sandbox analysis and analyzing IOCs, TTPs, and a variety of logs to uncover threats and implement detections.
Strong experience communicating threat intelligence to senior leadership, tailoring information to both technical and non‑technical audiences.
Experience in knowledge sharing back to colleagues to foster a culture of professional skills development and growth is highly desirable.
Experience conducting in-depth analysis on cyber threats, including identifying threat actors’ motivations, intent, and TTPs.
Proficiency with CrowdStrike query language desirable, also Python or other programming language.
A deep understanding of threat intelligence, incident response, and threat hunting frameworks, methodologies, and approaches.
Demonstrated experience applying frameworks such as MITRE ATT&CK, Cyber Kill Chain, Diamond Model of Intrusion Analysis, others.
Salary Range by Location
California: Los Angeles, Irvine — $79.43–$135.24/k
Oregon: Portland Service Area — $76.20–$129.74/k
Washington: Seattle, Redmond, Renton — $79.43–$135.24/k
Washington: Vancouver — $76.20–$129.74/k
About Providence Providence offers hybrid work options for candidates living within a daily commuting distance. Providence caregivers are not simply valued – they’re invaluable. Join our team at Enterprise Information Services and thrive in our culture of patient‑focused, whole‑person care built on understanding, commitment, and mutual respect.
Equal Opportunity Employer Providence is proud to be an Equal Opportunity Employer. We are committed to the principle that every workforce member has the right to work in surroundings that are free from all forms of unlawful discrimination and harassment on the basis of race, color, gender, disability, veteran, military status, religion, age, creed, national origin, sexual identity or expression, sexual orientation, marital status, genetic information, or any other basis prohibited by local, state, or federal law. We believe diversity makes us stronger, so we are dedicated to shaping an inclusive workforce, learning from each other, and creating equal opportunities for advancement.
Requisition ID 394454
#J-18808-Ljbffr
Hybrid Work Options Hybrid role with up to 65 miles commuting distance from any of our primary office locations listed below. Hybrid work involves a combination of in‑office and remote work each week, with the weekly schedule determined by the manager based on departmental needs.
Washington: Seattle, Redmond, Renton, Vancouver
California: Los Angeles, Irvine
Oregon: Portland
Essential Functions
Lead advanced threat hunting initiatives, developing frameworks and methodologies for the team’s hunting and detection efforts.
Foster a culture of learning and development within the team by sharing threat hunting expertise.
Communicate and document hunting methodologies and findings to aid in development of metrics, and present findings and insights to technical and non‑technical stakeholders, including executives, to enhance overall cyber threat and risk awareness.
Classify, categorize, and analyze malware and threats. Translate this into actionable detections using frameworks such as MITRE ATT&CK.
Monitor and assess the healthcare industry threat landscape, including adversaries and their targets, malware, TTPs, emerging threats, and trends that may impact the organization.
Perform root cause analysis and provide recommendations for proactive measures to help prevent cyber intrusions.
Collaborate with internal teams to provide timely and actionable intelligence, aligned with operational needs, that support CTI, CIRT, Attack Surface Management, and other cybersecurity initiatives.
Develop and maintain threat profiles with tactical intelligence to enhance detection engineering and threat hunting operations.
Monitor and assess emerging technologies, such as AI and machine learning capabilities to augment and enhance threat detection, triage, and analysis.
Continuously update and refine existing threat intelligence processes and methodologies to ensure the organization remains at the forefront of cyber defense.
Stay informed about the latest trends, tools, and techniques in the field of threat intelligence and incorporate best practices into daily operations.
Required Qualifications
Bachelor's Degree in Computer Engineering, Computer Science, Mathematics, Engineering — or a combination of equivalent education and experience.
Upon hire: CISSP, CISM, CEH, or equivalent.
10 or more years of related experience.
Experience performing in an Incident Commander role for cyber incidents and issues affecting business operations across the environment and driving resolution of those issues.
In-depth experience designing security controls and countermeasures for operating systems, databases, applications, Web services, user devices, and wireless networks.
Preferred Qualifications
Master's Degree in Computer Engineering, Computer Science, Mathematics, Engineering.
Experience in a Healthcare environment.
At least 10 years of experience in a dedicated threat hunting role.
Minimum of 5 years’ experience in a dedicated threat hunting role at the Principal or Senior Principal level, or an equivalent position.
Strong experience in malware sandbox analysis and analyzing IOCs, TTPs, and a variety of logs to uncover threats and implement detections.
Strong experience communicating threat intelligence to senior leadership, tailoring information to both technical and non‑technical audiences.
Experience in knowledge sharing back to colleagues to foster a culture of professional skills development and growth is highly desirable.
Experience conducting in-depth analysis on cyber threats, including identifying threat actors’ motivations, intent, and TTPs.
Proficiency with CrowdStrike query language desirable, also Python or other programming language.
A deep understanding of threat intelligence, incident response, and threat hunting frameworks, methodologies, and approaches.
Demonstrated experience applying frameworks such as MITRE ATT&CK, Cyber Kill Chain, Diamond Model of Intrusion Analysis, others.
Salary Range by Location
California: Los Angeles, Irvine — $79.43–$135.24/k
Oregon: Portland Service Area — $76.20–$129.74/k
Washington: Seattle, Redmond, Renton — $79.43–$135.24/k
Washington: Vancouver — $76.20–$129.74/k
About Providence Providence offers hybrid work options for candidates living within a daily commuting distance. Providence caregivers are not simply valued – they’re invaluable. Join our team at Enterprise Information Services and thrive in our culture of patient‑focused, whole‑person care built on understanding, commitment, and mutual respect.
Equal Opportunity Employer Providence is proud to be an Equal Opportunity Employer. We are committed to the principle that every workforce member has the right to work in surroundings that are free from all forms of unlawful discrimination and harassment on the basis of race, color, gender, disability, veteran, military status, religion, age, creed, national origin, sexual identity or expression, sexual orientation, marital status, genetic information, or any other basis prohibited by local, state, or federal law. We believe diversity makes us stronger, so we are dedicated to shaping an inclusive workforce, learning from each other, and creating equal opportunities for advancement.
Requisition ID 394454
#J-18808-Ljbffr