RemoteLeaf Logo
Log in Sign up

Security Operations Lead (SecOps)

1 month ago
Portugal
Full-time
Lead
Security Analyst
DevOps and Infrastructure
AWS Bash Elasticsearch GCP Go LLM Machine Learning Python SIEM SOC Splunk
Apply Now
SWORD Health

SWORD Health

SWORD Health provides AI-powered digital physical therapy solutions designed to prevent pain, support recovery, and enhance overall health, while also aiming to transform the rehabilitation industry through innovative technology and clinical oversight.

Health Care Providers & Services
251-1K
Founded 2015
$324M raised
View All Jobs 34

Description

  • Set the strategy and technical direction for the Security Operations Center, including operating model, SIEM and detection architecture, and incident response capability.
  • Drive an AI- and automation-first transformation of security operations through SOAR playbooks, agentic and LLM-assisted triage workflows, and ML-driven detection.
  • Lead the SOC/CSIRT team technically by mentoring detection and response engineers, managing on-call and escalation models, and serving as incident commander for major events.
  • Own the SIEM end to end, including architecture, data sources, normalization, retention, cost management, tuning, and detection-as-code content.
  • Lead high-severity incident response from detection through containment, eradication, recovery, and post-incident review.
  • Run threat intelligence and threat hunting programs and turn emerging TTPs into new detections and proactive hardening measures.
  • Define, track, and report SOC performance metrics such as MTTD, MTTR, coverage, automation rate, false-positive rate, and on-call health.
  • Influence security architecture and engineering decisions so detection, response, and recovery are built into products, platforms, and infrastructure from the start.
  • Establish and continuously improve incident response playbooks, runbooks, and tabletop exercises to improve readiness.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, or equivalent professional experience.
  • Proven experience scaling a SOC through automation and AI, such as SOAR, hyperautomation, LLM-assisted triage, agentic workflows, or ML-driven detection.
  • Hands-on experience building or maturing a SOC, including SIEM selection, implementation or migration, detection engineering, runbook libraries, on-call rotations, and operating metrics.
  • Deep SIEM expertise with tools such as Splunk, Sentinel, Chronicle, Elastic, or similar.
  • Prior experience as the technical lead of a SOC or CSIRT team, owning the full incident response lifecycle and acting as incident commander during major incidents.
  • Strong incident response experience, including high-severity investigations, root cause analysis, digital forensics, and post-incident reviews.
  • Solid experience in cloud environments, especially AWS and/or GCP, with understanding of cloud-native threats and controls.
  • Strong scripting and development skills in Python, Go, Bash, or similar for automation, integrations, and internal tooling.
  • Working knowledge of EDR/XDR, identity, and network detection telemetry and how to combine signals into high-fidelity detections.
  • Fluency with security frameworks and standards such as NIST 800-61, CIS Controls, MITRE ATT&CK, and ISO 27001.
  • Background in threat modeling, adversary emulation, and risk-based alert tuning.
  • Excellent communication skills for executive briefings, post-mortems, and translating technical risk into business language.
  • Proven ability to lead cross-functional efforts in high-pressure situations across InfoSec, IT, and engineering.
  • Forensics experience, including investigating incidents and preserving digital evidence.
  • Valid EU visa and based in Portugal.
  • Preferred AI fluency at Sword Health, with at least Level 1 demonstrated through real examples of using AI in work.

Benefits

  • €50,400 - €79,200 annual compensation, including base pay, variable pay, and equity.
  • Equity shares / stock options as part of total compensation.
  • Health, dental, and vision insurance.
  • Meal allowance.
  • Remote work allowance plus work-from-home flexibility.
  • Flexible working hours.
  • Discretionary vacation.
  • Snacks and beverages.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Rubrik

SOC Security Analyst - FedRAMP

Rubrik 1K-5K IT Services

Rubrik is hiring a Security Operations Center analyst to help protect customer and internal data by monitoring threats, leading incident response, and improving security operations across its corporate, cloud, and SaaS environments.

United States Full-time Mid Level Security Analyst
$112k-$186k
AWS Azure Cybersecurity GCP SIEM
7 hours, 8 minutes ago
SpaceX

COMSEC Analyst

SpaceX 10K-50K Aerospace & Defense

SpaceX is hiring a COMSEC Analyst to support the security of launch vehicles, satellites, and ground systems by managing communications security operations within a classified environment.

United States Full-time Junior Security Analyst
$85k-$135k
7 hours, 38 minutes ago
Intelligent Technical Solutions

SOC Analyst I (Remote)

Intelligent Technical Solutions 251-1K Internet Software & Services

Intelligent Technical Solutions is hiring a SOC Analyst Level 1 to monitor, analyze, and respond to security threats while supporting incident response and threat detection operations.

Anywhere Full-time Entry Level Security Analyst
$13k-$13k
Azure Cybersecurity Linux macOS SIEM
7 hours, 38 minutes ago
Mercier Consultancy

Swedish Speaking Digital Trust and Safety Specialist - Work In Sofia, Bulgaria

Mercier Consultancy Professional Services

Mercier Consultancy MD is hiring a Swedish-speaking Digital Trust and Safety Specialist in Sofia, Bulgaria to help monitor content, handle safety incidents, and support policies that protect users and maintain a trustworthy online environment.

Bulgaria Greece Sweden Full-time Junior Customer Support Security Analyst
7 hours, 38 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers