Security Engineer (Cloud)

Sword Health is on a mission to free two billion people from pain as the world's first and only end-to-end platform to predict, prevent and treat pain.  Delivering a 62% reduction in pain and a 60% reduction in surgery intent, at Sword, we are using technology to save millions for our 2,500+ enterprise clients across three continents. Today, we hold the majority of industry patents, win 70% of competitive evaluations, and have raised more than $300 million from top venture firms like Founders Fund, Sapphire Ventures, General Catalyst, and Khosla Ventures. Recognized as a Forbes Best Startup Employer in 2023, this award highlights our focus on being a destination for the best and brightest  talent. Not only have we experienced unprecedented growth since our market debut in 2020,  but we've also created a remarkable mission and value-driven environment that is loved by our growing team. With a recent valuation of $2 billion, we are in a phase of hyper growth and expansion, and we're looking for individuals with passion, commitment, and energy to help us scale our impact.  Joining Sword Health means committing to a set of core values, chief amongst them to "do it for the patients" every day, and to always "deliver more than expected" on behalf of our members and clients. This is an opportunity for you to make a significant difference on a massive scale as you work alongside 800+ (and growing!) talented colleagues, spanning two continents. Your charge? To help us build a pain-free world, powered by technology, enhanced by people — accessible to all. As a Security Engineer at Sword, you will be at the forefront of safeguarding our cloud infrastructure, and applications. Your expertise will ensure robust security measures, incident response, and continuous improvement.
\n What you'll be doing:Design, implement, and maintain the security aspects of Sword's cloud-based infrastructure and configurations across GCP and AWS to ensure Sword remains secure and HIPAA- and GDPR-Compliant;Monitor cloud environments for security threats and vulnerabilities, and respond promptly to security breaches, ensuring effective incident response protocols;Perform root cause analyses (RCA) and incident reviews;Collaborate with cross-functional teams to design, develop, and implement infrastructure automation, shell scripts, and other programs that enhance security;Identify and ensure the availability of crucial data sources and logs used by the security team;Management of vulnerabilitIes and patching policies;Develop, evangelize, and monitor the adoption of sound Cloud Security practices;Ownership and management of preventative security measures and services related to Sword Health, i.e. GCP's Security Command Center, Wiz, etc.;Monitor, analyze, and triage security logs to detect and respond to security incidents;Stay up-to-date on the latest security threats and trends, and provide guidance on how to mitigate risks;Integrate or build security tools that help to continuously monitor our ecosystem. What you need to have:Bachelor's degree in Computer Science, Information Security, or related field, or equivalent work experience;3+  years of hands-on experience in Cloud Security;Strong understanding of Cloud Security concepts, including DevSecOps practices, IAM, network security, encryption, and secure cloud configurations;Hands-on experience with Cloud Security tools such as Google Security Command Center, Wiz, AWS Security Hub, AWS GuardDuty, and SIEM platforms;Proficiency in scripting languages (e.g., Python, Bash);Experience with Cloud Security monitoring and assessment tools, including configuration management, vulnerability scanning, and cloud workload protection platforms;Knowledge of common security frameworks and standards, such as NIST, CIS, and COBIT;Strong communication and interpersonal skills;Strong verbal and written communication skills in English;Strong problem-solving skills and the ability to think critically and strategically. What we would love to see:Experience with Application Security concepts, including secure coding practices, authentication and authorization mechanisms, data validation and sanitization, and vulnerability management;Experience with containerization and microservices security;Experience with container orchestration platforms (e.g., Kubernetes);Familiarity with threat modeling and risk assessment methodologies;Familiarity with compliance frameworks (e.g., PCI DSS, SOC 2, ISO 27001, HIPAA);Strong communication skills, with the ability to convey complex security concepts to both technical and non-technical stakeholders;Experience leading security-related projects and working in cross-functional teams;Demonstrated ability to collaborate effectively with colleagues and build strong working relationships;Certifications such as AWS Certified Security - Specialty, Google Cloud Professional Cloud Security Engineer, or CISSP. To ensure you feel good solving a big Human problem, we offer:A stimulating, fast-paced environment with lots of room for creativity;A bright future at a promising high-tech startup company;Career development and growth, with a competitive salary;The opportunity to work with a talented team and to add real value to an innovative solution with the potential to change the future of healthcare;A flexible environment where you can control your hours (remotely) with unlimited vacation;Access to our health and well-being program (digital therapist sessions);Remote or Hybrid work policy.
\n*Please note that this position does not offer relocation assistance. Candidates must possess a valid EU visa and be based in Portugal. US - Sword Benefits & Perks: • Comprehensive health, dental and vision insurance* • Equity shares* • Discretionary PTO plan* • Parental leave* • 401(k) • Flexible working hours • Remote-first company • Paid company holidays • Free digital therapist for you and your family *Eligibility: Full-time employees regularly working 25+ hours per week Portugal - Sword Benefits & Perks: • Health, dental and vision insurance • Meal allowance • Equity shares • Remote work allowance • Flexible working hours • Work from home • Unlimited vacation • Snacks and beverages • English class • Unlimited access to Coursera Learning Platform *US Applicants Only: Applicants must have a legal right to work in the United States, and immigration or work visa sponsorship will not be provided.* SWORD Health, which includes SWORD Health, Inc. and Sword Health Professionals (consisting of Sword Health Care Providers, P.A., SWORD Health Care Providers of NJ, P.C., SWORD Health Care Physical Therapy Providers of CA, P.C.*) complies with applicable Federal and State civil rights laws and does not discriminate on the basis of Age, Ancestry, Color, Citizenship, Gender, Gender expression, Gender identity, Gender information, Marital status, Medical condition, National origin, Physical or mental disability, Pregnancy, Race, Religion, Caste, Sexual orientation, and Veteran status.