Sword HealthDevOps

Security Operations Lead

Portugal$50k–$79kPosted today

Sword is building AI to heal billions and unlock humanity’s full potential. The Security Operations Lead will lead the SecOps squad, overseeing threat detection, investigation, and response, and shaping the function's architecture and processes using automation and AI across a multi-continent footprint.

Location: Portugal

Salary: $50k–$79k

Responsibilities

Lead the SecOps squad and own threat detection, investigation, and response processes.
Structure and direct the SecOps function, including SIEM architecture, detection engineering, and incident response.
Utilize automation and AI to scale the team and operations across multiple continents.

Requirements

Bachelor’s degree in Computer Science, Cybersecurity, or equivalent experience.
Experience scaling a SOC through automation and AI, with impact on MTTR, coverage, or analyst leverage.
Experience structuring a SOC, including SIEM selection, implementation, detection engineering, runbook libraries, on-call rotations, and metrics.
Deep expertise in SIEM tools (Splunk, Sentinel, Chronicle, Elastic, or similar).
Experience as the technical lead of a SOC or CSIRT team, owning incident response lifecycle, mentoring, and acting as incident commander.
Strong incident response skills, including investigations, root cause analysis, forensics, and post-incident improvements.
Experience with cloud environments (AWS/GCP) and cloud-native threats.
Strong scripting skills (Python, Go, Bash) for automation and tooling.
Knowledge of EDR/XDR, identity, network telemetry, and detection signal integration.
Familiarity with security frameworks (NIST, CIS, MITRE, ISO 27001) and pragmatic application.
Background in threat modeling, adversary emulation, and alert tuning.
Excellent communication skills for technical and executive audiences.
Proven leadership in cross-functional, high-pressure situations.
Forensics experience in incident investigation and evidence preservation.