Security Operations Lead (SecOps)

15 hours, 21 minutes ago
Full-time
Lead
DevOps and Infrastructure
SWORD Health

SWORD Health provides AI-powered digital physical therapy solutions designed to prevent pain, support recovery, and enhance overall health, while also aiming to transform the rehabilitation industry through innovative technology and clinical oversight.

Health Care Providers & Services
251-1K
Founded 2015
$324M raised

Description

  • Set the strategy and technical direction for the Security Operations Center, including operating model, SIEM and detection architecture, and incident response capability.
  • Drive an AI- and automation-first transformation of security operations through SOAR playbooks, agentic and LLM-assisted triage workflows, and ML-driven detection.
  • Lead the SOC/CSIRT team technically by mentoring detection and response engineers, managing on-call and escalation models, and serving as incident commander for major events.
  • Own the SIEM end to end, including architecture, data sources, normalization, retention, cost management, tuning, and detection-as-code content.
  • Lead high-severity incident response from detection through containment, eradication, recovery, and post-incident review.
  • Run threat intelligence and threat hunting programs and turn emerging TTPs into new detections and proactive hardening measures.
  • Define, track, and report SOC performance metrics such as MTTD, MTTR, coverage, automation rate, false-positive rate, and on-call health.
  • Influence security architecture and engineering decisions so detection, response, and recovery are built into products, platforms, and infrastructure from the start.
  • Establish and continuously improve incident response playbooks, runbooks, and tabletop exercises to improve readiness.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, or equivalent professional experience.
  • Proven experience scaling a SOC through automation and AI, such as SOAR, hyperautomation, LLM-assisted triage, agentic workflows, or ML-driven detection.
  • Hands-on experience building or maturing a SOC, including SIEM selection, implementation or migration, detection engineering, runbook libraries, on-call rotations, and operating metrics.
  • Deep SIEM expertise with tools such as Splunk, Sentinel, Chronicle, Elastic, or similar.
  • Prior experience as the technical lead of a SOC or CSIRT team, owning the full incident response lifecycle and acting as incident commander during major incidents.
  • Strong incident response experience, including high-severity investigations, root cause analysis, digital forensics, and post-incident reviews.
  • Solid experience in cloud environments, especially AWS and/or GCP, with understanding of cloud-native threats and controls.
  • Strong scripting and development skills in Python, Go, Bash, or similar for automation, integrations, and internal tooling.
  • Working knowledge of EDR/XDR, identity, and network detection telemetry and how to combine signals into high-fidelity detections.
  • Fluency with security frameworks and standards such as NIST 800-61, CIS Controls, MITRE ATT&CK, and ISO 27001.
  • Background in threat modeling, adversary emulation, and risk-based alert tuning.
  • Excellent communication skills for executive briefings, post-mortems, and translating technical risk into business language.
  • Proven ability to lead cross-functional efforts in high-pressure situations across InfoSec, IT, and engineering.
  • Forensics experience, including investigating incidents and preserving digital evidence.
  • Valid EU visa and based in Portugal.
  • Preferred: AI fluency as defined at Sword Health, at least Level 1, demonstrated through real examples of using AI in your work.

Benefits

  • €50,400 - €79,200 annual compensation, including base pay, variable pay, and equity.
  • Equity shares / stock options as part of total compensation.
  • Health, dental, and vision insurance.
  • Meal allowance.
  • Remote work allowance plus work-from-home flexibility.
  • Flexible working hours.
  • Discretionary vacation.
  • Snacks and beverages.
