Security Engineer

Summary

Join Sword Health, a Forbes Best Startup Employer, and become a Security Engineer at the forefront of safeguarding our cloud infrastructure and applications. You will design, implement, and maintain secure cloud-based infrastructure and applications across GCP and AWS, ensuring HIPAA and GDPR compliance. Your responsibilities include incident response, threat monitoring, root cause analysis, and collaboration with cross-functional teams. This role requires a Bachelor's degree, 5+ years of cloud security experience, and proficiency in scripting languages. We offer competitive benefits, including health insurance, remote work options, flexible hours, and unlimited vacation.

Requirements

• Bachelor's degree in Computer Science, Information Security, or equivalent work experience in a related field
• Minimum of 5 years of experience in cloud security, with hands-on experience in GCP and AWS
• Strong understanding of cloud security concepts, including IAM, network security, encryption, and secure cloud configurations
• Proficiency in scripting languages (e.g., Python, Bash) for automation and infrastructure management
• Experience with cloud security tools such as Google Security Command Center, Wiz, AWS Security Hub, AWS GuardDuty, and SIEM platforms
• Knowledge of common security frameworks and standards, such as NIST, CIS, and COBIT
• Excellent problem-solving skills and the ability to think critically and strategically

Responsibilities

• Design, implement, and maintain secure cloud-based infrastructure and applications, and secure configurations across GCP and AWS to ensure Sword remains secure and HIPAA- and GDPR-Compliant
• Ensure incident response capability through the evaluation of our logging and traceability resources, providing guidance on optimal resource utilization and availability
• Monitor cloud environments for security threats, vulnerabilities and misconfigs, and respond promptly to security breaches, ensuring effective incident response protocols
• Perform root cause analyses (RCA) and incident reviews
• Advise on compensatory and mitigatory controls strategically, serving as a key element in incident response management
• Collaborate with cross-functional teams to design, develop, and implement infrastructure automation, shell scripts, and other programs that enhance security
• Identify and ensure the availability of crucial data sources and logs used by the security team
• Management of vulnerabilities and patching policies
• Develop, evangelize, and monitor the adoption of sound cloud security practices and standards, acting proactively to hardening and fine tuning initiatives
• Perform root cause analyses (RCA) and incident reviews
• Develop new, and review/update existing security-related configurations of Sword Health’s infrastructure
• Identify new, and ensure availability of existing Sword Health data sources and logs that are being used by various Sword Health Security teams
• Ownership and management of preventative security measures and services related to Sword Health, i.e. GCP’s Security Command Center, Wiz, etc

Preferred Qualifications

• Experience with secure software development practices
• Knowledge of container orchestration platforms (e.g., Kubernetes)
• Familiarity with threat modeling and risk assessment methodologies
• Experience in tailoring and implementing compensatory/mitigatory controls in cloud environments
• Strong communication skills, with the ability to convey complex security concepts to both technical and non-technical stakeholders
• Experience leading security-related projects and working in cross-functional teams
• Demonstrated ability to collaborate effectively with colleagues and build strong working relationships
• Certifications such as AWS Certified Security - Specialty, Google Cloud Professional Cloud Security Engineer, or Certified Information Systems Security Professional (CISSP) are highly desirable

Benefits

• Health, dental and vision insurance
• Meal allowance
• Equity shares
• Remote work allowance
• Flexible working hours
• Work from home
• Unlimited vacation
• Snacks and beverages
• English class
• Unlimited access to our Learning Platform