Sword Health

Senior Security Operations Engineer

Sword Health

full-time

Posted on:

Location Type: Remote

Location: United States

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

AWSAzureCloudCyber SecurityGoogle Cloud PlatformPythonSplunk

About the role

  • Design and continuously improve detection and alerting controls, ensuring high fidelity and contextual relevance to reduce noise and enable rapid response.
  • Build, test, and automate incident response playbooks and runbooks, increasing efficiency and consistency across the incident lifecycle.
  • Drive prioritization of alerts using a data-driven, scalable triage framework, aligned with business impact and threat context.
  • Lead in-depth investigations, including root cause analysis and digital forensics, and convert findings into actionable insights to strengthen detection and resilience.
  • Proactively engage in threat intelligence and threat hunting, identifying new tactics, techniques, and procedures (TTPs), enriching existing controls, and feeding insights into the detection pipeline.
  • Own incident handling from detection to resolution, collaborating with engineering, IT, and business teams to contain, eradicate, and recover from threats.
  • Define and maintain operational metrics for incident response, using them to drive continuous improvement in speed, accuracy, and organizational readiness.

Requirements

  • Required: Public Trust Clearance
  • Bachelor’s degree in Computer Science, Cybersecurity, or equivalent professional experience.
  • Solid experience in cloud environments (AWS, GCP, or Azure), with strong understanding of cloud-native threats.
  • Proficiency in scripting languages (e.g., Python, Bash) for automation and tooling development.
  • Hands-on experience with SOC tools and platforms, such as SIEM (Splunk, Sentinel, etc.), SOAR, EDR/XDR, and log management.
  • Strong understanding of incident containment and eradication strategies, with proven ability to coordinate response with technical teams.
  • Familiarity with security frameworks and standards (NIST 800-61, CIS Controls, MITRE ATT&CK, ISO 27001).
  • Excellent analytical, critical thinking, and problem-solving skills.
  • Ability to consume and synthesize intelligence about actors, techniques or situations to identify emerging risk scenarios.
  • Proficiency in process formulation and improvement.
  • Background in threat modeling, adversary emulation, and risk-based alert tuning.
  • Strong communicator with the ability to explain security risks and actions to both technical and non-technical audiences.
  • Proven track record of leading cross-functional efforts in high-pressure situations.
  • Ability to foster collaboration across InfoSec, IT, and engineering teams.
  • Forensics experience, investigating incidents and preserving digital evidence.
Benefits
  • Comprehensive health, dental and vision insurance*
  • Life and AD&D Insurance*
  • Financial advisory services*
  • Supplemental Insurance Benefits (Accident, Hospital and Critical Illness)*
  • Health Savings Account*
  • Equity shares*
  • Discretionary PTO plan*
  • Parental leave*
  • 401(k)
  • Flexible working hours
  • Remote-first company
  • Paid company holidays
  • Free digital therapist for you and your family
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
cloud environmentsAWSGCPAzurescripting languagesPythonBashSOC toolsSIEMforensics
Soft Skills
analytical skillscritical thinkingproblem-solvingcommunicationcollaborationleadershipprocess improvementability to synthesize intelligenceability to coordinate responseability to explain security risks
Certifications
Public Trust ClearanceBachelor’s degree in Computer ScienceBachelor’s degree in Cybersecurity