col-wideJob Description:
Sword Health is on a mission to free two billion people from pain as the world's first and only end-to-end platform to predict, prevent and treat pain. Delivering a 62% reduction in pain and a 60% reduction in surgery intent, at Sword, we are using technology to save millions for our 2,500+ enterprise clients across three continents. Today, we hold the majority of industry patents, win 70% of competitive evaluations, and have raised more than $300 million from top venture firms like Founders Fund, General Catalyst, and Khosla Ventures. Recognized as a Forbes Best Startup Employer in 2023, this award highlights our focus on being a destination for the best and brightest talent. Not only have we experienced unprecedented growth since our market debut in 2020, but we've also created a remarkable mission and value-driven environment that is loved by our growing team. With a recent valuation of $2 billion, we are in a phase of hyper growth and expansion, and we're looking for individuals with passion, commitment, and energy to help us scale our impact. Joining Sword Health means committing to a set of core values, chief amongst them to "do it for the patients" every day, and to always "deliver more than expected" on behalf of our members and clients.This is an opportunity for you to make a significant difference on a massive scale as you work alongside 800+ (and growing!) talented colleagues, spanning two continents. Your charge? To help us build a pain-free world, powered by technology, enhanced by people — accessible to all. As a Senior Cloud Security Engineer at Sword, you will be at the forefront of safeguarding our cloud infrastructure. Your expertise will ensure robust security measures, incident response, and continuous improvement.This role must be in Portugal.
What You Will Be Doing:
Design, implement, and maintain secure cloud-based infrastructure and applications, and secure configurations across GCP and AWS to ensure Sword remains secure and HIPAA- and GDPR-Compliant.
Manage the execution of penetration tests and coordinate all remediation activities with the engineering team
Monitor cloud environments for security incidents and respond promptly to security breaches, ensuring effective incident response protocols.
Perform root cause analyses (RCA) and incident reviews
Stay current with the latest cloud security technologies and make recommendations for continuous improvement of cloud security infrastructure.
Collaborate with cross-functional teams to design, develop, and implement infrastructure automation, shell scripts, and other programs that enhance security.
Work closely with analysts, engineers, and data scientists across the organization to promote cyber resilience and best security practices.
Identify and ensure the availability of crucial data sources and logs used by the security team
Extends Cloud Security Engineer responsibilities, plus;
Management of Cloud vulnerability management and patching policies
Develop, evangelize, and monitor the adoption of sound cloud security practices
Perform root cause analyses (RCA) and incident reviews
Develop new, and review/update existing security-related configurations of Sword Health's infrastructure
Identify new, and ensure availability of existing Sword Health data sources and logs that are being used by various Sword Health Security teams
Ownership and management of preventative security measures and services related to Sword Health, GCP's Security Command Center, Wiz, etc"
What You Will Need to Have:
Bachelor's degree in Computer Science, Information Security, or equivalent work experience in a related field.
Minimum of 5 years of experience in cloud security, with hands-on experience in GCP and AWS.
Strong understanding of cloud security concepts, including IAM, network security, encryption, and secure cloud configurations.
Proficiency in scripting languages (, Python, Bash) for automation and infrastructure management.
Experience with cloud security tools such as Google Security Command Center, Wiz, AWS Security Hub, AWS GuardDuty, and SIEM platforms.
Knowledge of common security frameworks and standards, such as NIST, CIS, and COBIT.
Excellent problem-solving skills and the ability to think critically and strategically.
What We Would Love to See:
Strong communication skills, with the ability to convey complex security concepts to both technical and non-technical stakeholders.
Experience leading security-related projects and working in cross-functional teams.
Demonstrated ability to collaborate effectively with colleagues and build strong working relationships.
Certifications such as AWS Certified Security - Specialty, Google Cloud Professional Cloud Security Engineer, or Certified Information Systems Security Professional (CISSP) are highly desirable.
