Remote Security Engineer (Cloud)

Summary

Join Sword Health, a mission-driven company that uses technology to save millions for its enterprise clients across three continents. As a Security Engineer, you will be at the forefront of safeguarding our cloud infrastructure and applications. Your expertise will ensure robust security measures, incident response, and continuous improvement.

Requirements

• Bachelor's degree in Computer Science, Information Security, or related field, or equivalent work experience
• 3+ years of hands-on experience in Cloud Security
• Strong understanding of Cloud Security concepts, including DevSecOps practices, IAM, network security, encryption, and secure cloud configurations
• Hands-on experience with Cloud Security tools such as Google Security Command Center, Wiz, AWS Security Hub, AWS GuardDuty, and SIEM platforms
• Proficiency in scripting languages (e.g., Python, Bash)
• Experience with Cloud Security monitoring and assessment tools, including configuration management, vulnerability scanning, and cloud workload protection platforms
• Knowledge of common security frameworks and standards, such as NIST, CIS, and COBIT
• Strong communication and interpersonal skills
• Strong verbal and written communication skills in English
• Strong problem-solving skills and the ability to think critically and strategically

Responsibilities

• Design, implement, and maintain the security aspects of Sword’s cloud-based infrastructure and configurations across GCP and AWS to ensure Sword remains secure and HIPAA- and GDPR-Compliant
• Monitor cloud environments for security threats and vulnerabilities, and respond promptly to security breaches, ensuring effective incident response protocols
• Perform root cause analyses (RCA) and incident reviews
• Collaborate with cross-functional teams to design, develop, and implement infrastructure automation, shell scripts, and other programs that enhance security
• Identify and ensure the availability of crucial data sources and logs used by the security team
• Management of vulnerabilitIes and patching policies
• Develop, evangelize, and monitor the adoption of sound Cloud Security practices
• Ownership and management of preventative security measures and services related to Sword Health, i.e. GCP’s Security Command Center, Wiz, etc
• Monitor, analyze, and triage security logs to detect and respond to security incidents
• Stay up-to-date on the latest security threats and trends, and provide guidance on how to mitigate risks
• Integrate or build security tools that help to continuously monitor our ecosystem

Preferred Qualifications

• Experience with Application Security concepts, including secure coding practices, authentication and authorization mechanisms, data validation and sanitization, and vulnerability management
• Experience with containerization and microservices security
• Experience with container orchestration platforms (e.g., Kubernetes)
• Familiarity with threat modeling and risk assessment methodologies
• Familiarity with compliance frameworks (e.g., PCI DSS, SOC 2, ISO 27001, HIPAA)
• Strong communication skills, with the ability to convey complex security concepts to both technical and non-technical stakeholders
• Experience leading security-related projects and working in cross-functional teams
• Demonstrated ability to collaborate effectively with colleagues and build strong working relationships
• Certifications such as AWS Certified Security - Specialty, Google Cloud Professional Cloud Security Engineer, or CISSP

Benefits

• A stimulating, fast-paced environment with lots of room for creativity
• A bright future at a promising high-tech startup company
• Career development and growth, with a competitive salary
• The opportunity to work with a talented team and to add real value to an innovative solution with the potential to change the future of healthcare
• A flexible environment where you can control your hours (remotely) with unlimited vacation
• Access to our health and well-being program (digital therapist sessions)
• Remote or Hybrid work policy