Security Engineer (SecOps)

Sword Health is on a mission to free two billion people from pain as the world’s first and only end-to-end platform to predict, prevent and treat pain. 

Delivering a 62% reduction in pain and a 60% reduction in surgery intent, at Sword, we are using technology to save millions for our 2,500+ enterprise clients across three continents. Today, we hold the majority of industry patents, win 70% of competitive evaluations, and have raised more than $300 million from top venture firms like Founders Fund, Sapphire Ventures, General Catalyst, and Khosla Ventures.

Recognized as a Forbes Best Startup Employer in 2023, this award highlights our focus on being a destination for the best and brightest  talent. Not only have we experienced unprecedented growth since our market debut in 2020,  but we’ve also created a remarkable mission and value-driven environment that is loved by our growing team. With a recent valuation of $2 billion, we are in a phase of hyper growth and expansion, and we’re looking for individuals with passion, commitment, and energy to help us scale our impact. 

Joining Sword Health means committing to a set of core values, chief amongst them to “do it for the patients” every day, and to always “deliver more than expected” on behalf of our members and clients.

This is an opportunity for you to make a significant difference on a massive scale as you work alongside 800+ (and growing!) talented colleagues, spanning two continents. Your charge? To help us build a pain-free world, powered by technology, enhanced by people — accessible to all.

We are seeking an experienced Security Operations Engineer to join our InfoSec team. You will implement security measures and lead incident response efforts to protect our digital assets.

What you’ll be doing:

• Monitor networks, systems, and applications using the tools and techniques to identify malicious activities, intrusions, and unauthorized access attempts;
• Implement and manage EDR (Endpoint Detection and Response) solutions closely with IT;
• Lead incident response efforts, conducting thorough investigations and root cause analysis;
• Coordinate rapid and effective responses to mitigate risks when threats are detected;
• Spearhead threat intelligence initiatives, including the development of comprehensive threat models;
• Describe potential attack vectors that threat actors may use against our organization;
• Collect, analyze, and disseminate threat data to relevant stakeholders;
• Highlight relevant cybersecurity news and trends for security leadership;
• Propose and implement security controls based on threat intelligence findings;
• Implement and manage a comprehensive set of security metrics that align with organizational goals and provide actionable insights;
• Deliver concise, impactful security reports tailored for management, highlighting key findings, trends, and recommended actions;
• Lead vulnerability assessments and coordinate remediation efforts;
• Implement advanced security measures across Sword's infrastructure;
• Ensure regular scans of the external perimeter and manage vulnerability triage;
• Develop and deliver targeted security awareness campaigns;
• Conduct simulated phishing exercises to assess and improve organizational resilience.

What you need to have:

• Bachelor's degree in Computer Science, Information Security, or related field, or equivalent work experience;
• 5+ years of experience in cybersecurity, with a focus on security operations;
• Strong knowledge of vulnerability management, threat detection, and incident response;
• Experience with IDS, EDR,  and other security tools;
• Proficiency in scripting languages (e.g., Python, PowerShell) for automation;
• Excellent analytical and problem-solving skills;
• Strong communication skills and ability to present findings to stakeholders;
• Relevant certifications (e.g., CISSP, GIAC, CEH).

What we would love to see:

• Familiarity with DevSecOps practices;
• Familiarity with threat modeling and risk assessment methodologies;
• Familiarity with compliance frameworks (e.g., PCI DSS, SOC 2, ISO 27001, HIPAA);
• Experience with Cloud Security concepts, containerization, and microservices security;
• Strong communication skills, with the ability to convey complex security concepts to technical and non-technical stakeholders;
• Experience leading security-related projects and working in cross-functional teams;
• Experience working with detection tools such as Expel, Wiz, Avanan, SentinelOne, Google Works space security tooling. 

To ensure you feel good solving a big Human problem, we offer:

• A stimulating, fast-paced environment with lots of room for creativity;
• A bright future at a promising high-tech startup company;
• Career development and growth, with a competitive salary;
• The opportunity to work with a talented team and to add real value to an innovative solution with the potential to change the future of healthcare;
• A flexible environment where you can control your hours (remotely) with unlimited vacation;
• Access to our health and well-being program (digital therapist sessions);
• Remote or Hybrid work policy.