Sword Health

Senior Cloud Security Engineer

Sword Health  •  Porto, PT (Hybrid)  •  1 month ago

Job Description

Sword Health is shifting healthcare from human-first to AI-first through its AI Care platform, making world-class healthcare available anytime, anywhere, while significantly reducing costs for payers, self-insured employers, national health systems, and other healthcare organizations. Sword began by reinventing pain care with AI at its core, and has since expanded into women’s health, movement health, and more recently mental health. Since 2020, more than 700,000 members across three continents have completed 10 million AI sessions, helping Sword's 1,000+ enterprise clients avoid over $1 billion in unnecessary healthcare costs. Backed by 42 clinical studies and over 44 patents, Sword Health has raised more than $500 million from leading investors, including Khosla Ventures, General Catalyst, Transformation Capital, and Founders Fund. Learn more at www.swordhealth.com
As a Senior Security Engineer (Cloud) at Sword, you will play a key role in protecting our cloud infrastructure and enabling the secure growth of our AI-first healthcare platform. You will work hands-on across AWS and GCP, strengthening preventative security controls, improving detection and response capabilities, and partnering closely with engineering and infrastructure teams. This role requires strong technical depth, sound security judgment, and the ability to translate risk into practical, business-aligned controls in a highly regulated environment (HIPAA, GDPR).
Are you looking to join an incredible IT team, passionate about simplifying everyone's work? Look no further, we're hiring! We're a proactive team, constantly staying ahead to ensure everything runs smoothly. As an IT Team we understand the importance of technology in today's workplace and the impact that technical issues can have on productivity and efficiency. Want to join the team? Find out if you've got what it takes!

What you’ll be doing:

  • Design, implement, and maintain secure cloud infrastructure and configurations across AWS and GCP, aligned with HIPAA, GDPR, and internal security standards.
  • Own and continuously improve Sword’s cloud security posture, leveraging CSPM, CWPP, and CNAPP capabilities to proactively identify and mitigate risks across cloud infrastructure, workloads, and identities.
  • Act as a subject matter expert in Identity and Access Management (IAM), including RBAC design, least-privilege models, service accounts, workload identities, role lifecycle management, and access reviews across cloud environments.
  • Monitor cloud environments for security threats, vulnerabilities, and misconfigurations, ensuring timely and effective detection and response.
  • Lead and support incident response activities, including log analysis, forensic support, root cause analysis (RCA), post-incident reviews, and long-term remediation planning.
  • Evaluate, design, and ensure the availability and quality of logging, monitoring, and traceability data sources required for effective security operations and investigations.
  • Provide guidance on compensatory and mitigative controls, applying risk-based decision-making when ideal controls are not immediately feasible.
  • Own the end-to-end vulnerability management lifecycle, applying risk-based judgment beyond CVE severity by considering exploitability, asset criticality, exposure, business context, and operational trade-offs, while clearly communicating prioritization decisions, managing remediation timelines, and driving vulnerabilities to closure in close collaboration with engineering teams.
  • Lead and operate key cloud security platforms and services, including Wiz, Google Security Command Center, and related detection and posture management tooling.
  • Partner with Infrastructure and Engineering teams to build security automation, infrastructure-as-code controls, and scalable security guardrails using scripting and automation (Python, n8n, Bash, etc.), including Terraform-based controls, Kubernetes security configurations, and CLI-driven workflows to enforce secure-by-default cloud and platform environments.
  • Define, track, and report security metrics and KPIs, such as cloud posture maturity, vulnerability remediation SLAs, detection coverage, IAM hygiene, and incident response effectiveness, enabling data-driven security decisions.
  • Develop, document, and evangelize cloud security standards, patterns, and best practices, driving consistent adoption across teams.
  • Operate with an engineering-first, efficiency-oriented mindset, continuously seeking ways to reduce toil, automate controls, and scale security without unnecessary friction.

What you need to have:

  • Required: Public Trust Clearance - Candidates must be able to obtain and maintain a US public trust clearance.
  • Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience.
  • 5+ years of hands-on experience in cloud security, with strong exposure to AWS and GCP.
  • Deep understanding of IAM concepts and implementations, including RBAC, least privilege, identity federation, service/workload identities, and access governance.
  • Proven experience operating CSPM, CWPP, and CNAPP solutions in production cloud environments.
  • Strong knowledge of cloud security fundamentals: networking, encryption, logging, monitoring, and secure configuration management.
  • Proficiency in scripting and automation (Python, Bash) with an infrastructure-as-code and automation mindset, including hands-on experience with Terraform, cloud and Kubernetes CLIs, and operational workflows to manage, audit, and enforce security controls at scale.
  • Experience with cloud security tools such as Wiz, Google Security Command Center, AWS Security Hub, GuardDuty, and SIEM platforms.
  • Solid understanding of security frameworks and standards such as NIST, CIS, and COBIT, and how to apply them pragmatically.
  • Demonstrated ability to perform risk-based vulnerability prioritization, balancing security posture, operational impact, and business needs.
  • Experience defining and using security metrics to measure effectiveness and drive continuous improvement.
  • Strong problem-solving and analytical skills, with experience leading RCAs and incident reviews.
  • Ability to influence cross-functional teams and communicate clearly with both technical and non-technical stakeholders.
  • A pragmatic, engineering-driven approach to security, focused on outcomes, scalability, and efficiency.
  • Develop and implement AI-assisted automation for cloud security operations, including misconfiguration detection, remediation workflows, and policy enforcement.
  • Design secure integrations between cloud platforms and AI tooling to improve visibility and operational efficiency.
  • Enable scalable and repeatable security workflows using automation and AI augmentation, particularly in vulnerability and posture management.
  • Ensure that AI-driven automation in cloud environments adheres to security, privacy, and data protection standards.

To ensure you feel good solving a big Human problem, we offer:

  • A stimulating, fast-paced environment with lots of room for creativity.
  • A bright future at a promising high-tech startup company.
  • Career development and growth, with a competitive salary.
  • The opportunity to work with a talented team and to add real value to an innovative solution with the potential to change the future of healthcare.
  • A flexible environment where you can control your hours (remotely) with unlimited vacation.
  • Access to our health and well-being program (digital therapist sessions).
  • Remote or Hybrid work policy.
  • To get to know more about our Tech Stack, check here

Public Trust Clearance:

Candidates must be able to obtain and maintain a US public trust clearance.
Please note that US citizenship is required to obtain and maintain a government security clearance.

Portugal - Sword Benefits & Perks:
  • Health, dental and vision insurance
  • Meal allowance
  • Equity shares
  • Remote work allowance
  • Flexible working hours
  • Work from home
  • Discretionary vacation
  • Snacks and beverages
  • English class

Note: This position does not offer relocation assistance. Candidates must possess a valid EU visa and be based in Portugal.

Sword Health complies with applicable Federal and State civil rights laws and does not discriminate on the basis of Age, Ancestry, Color, Citizenship, Gender, Gender expression, Gender identity, Gender information, Marital status, Medical condition, National origin, Physical or mental disability, Pregnancy, Race, Religion, Caste, Sexual orientation, and Veteran status.

About Sword Health

Sword is building the future of healthcare through AI Care, a field we pioneered that brings together Artificial Intelligence and Clinical Experts to tackle healthcare’s biggest bottlenecks: access, outcomes, and cost. The result is a world where clinicians are able to focus on what they do best (handling nuance, providing empathy, and delivering the human touch), while AI focuses on delivering hyper-personalized treatment programs, ensuring scalability, and being available 24/7 so that healthcare meets the needs of the patient, not the other way around.

Our platform spans the full continuum of care, from predicting and preventing pain, to treating physical and mental health, and optimizing healthcare operations.

We are trusted by over 2,000 organizations globally, across employers, health plans, and governments, having helped our clients generate over $1 billion in healthcare savings, largely by avoiding unnecessary procedures, such as surgeries, imaging, ER visits, and others.

We’re backed by some of the world’s most seasoned investors, such as Khosla Ventures, General Catalyst, Founders Fund and others, and currently valued at $4B.

We believe in - and are building toward - a world where AI Care is within arm’s reach of every human. If this mission inspires you, join us in building that future: https://swordhealth.com/company/careers.

Industry: Healthcare & Social Services
Company Size: 1,001-5,000 employees
Headquarters: New York, New York
Year Founded: 2015