Sword Health

Sword Health is the world’s fastest growing virtual MSK care provider, on a mission to free two billion people from pain

Senior Security Operations Engineer

Category: Security Operations | Type: Other | Remote | Seniority: Senior | Team size: 201-500 | Founded: 2015 | H1B: No Sponsor

Location: United States

Posted: 121 days ago


Seniority: Senior

Tags: Bachelor Degree, English, AWS, Azure, GCP, Python, Splunk

Job Description

  • Design and continuously improve detection and alerting controls, ensuring high fidelity and contextual relevance to reduce noise and enable rapid response.
  • Build, test, and automate incident response playbooks and runbooks, increasing efficiency and consistency across the incident lifecycle.
  • Drive prioritization of alerts using a data-driven, scalable triage framework, aligned with business impact and threat context.
  • Lead in-depth investigations, including root cause analysis and digital forensics, and convert findings into actionable insights to strengthen detection and resilience.
  • Proactively engage in threat intelligence and threat hunting, identifying new tactics, techniques, and procedures (TTPs), enriching existing controls, and feeding insights into the detection pipeline.
  • Own incident handling from detection to resolution, collaborating with engineering, IT, and business teams to contain, eradicate, and recover from threats.
  • Define and maintain operational metrics for incident response, using them to drive continuous improvement in speed, accuracy, and organizational readiness.

Job Requirements

  • Required: Public Trust Clearance
  • Bachelor’s degree in Computer Science, Cybersecurity, or equivalent professional experience.
  • Solid experience in cloud environments (AWS, GCP, or Azure), with strong understanding of cloud-native threats.
  • Proficiency in scripting languages (e.g., Python, Bash) for automation and tooling development.
  • Hands-on experience with SOC tools and platforms, such as SIEM (Splunk, Sentinel, etc.), SOAR, EDR/XDR, and log management.
  • Strong understanding of incident containment and eradication strategies, with proven ability to coordinate response with technical teams.
  • Familiarity with security frameworks and standards (NIST 800-61, CIS Controls, MITRE ATT&CK, ISO 27001).
  • Excellent analytical, critical thinking, and problem-solving skills.
  • Ability to consume and synthesize intelligence about actors, techniques or situations to identify emerging risk scenarios.
  • Proficiency in process formulation and improvement.
  • Background in threat modeling, adversary emulation, and risk-based alert tuning.
  • Strong communicator with the ability to explain security risks and actions to both technical and non-technical audiences.
  • Proven track record of leading cross-functional efforts in high-pressure situations.
  • Ability to foster collaboration across InfoSec, IT, and engineering teams.
  • Forensics experience, investigating incidents and preserving digital evidence.

Benefits

  • Comprehensive health, dental and vision insurance*
  • Life and AD&D Insurance*
  • Financial advisory services*
  • Supplemental Insurance Benefits (Accident, Hospital and Critical Illness)*
  • Health Savings Account*
  • Equity shares*
  • Discretionary PTO plan*
  • Parental leave*
  • 401(k)
  • Flexible working hours
  • Remote-first company
  • Paid company holidays
  • Free digital therapist for you and your family

More Security Operations Jobs

Type: Other | Remote | Team size: 10,001+ | Founded: 1876 | H1B: Sponsor

  • Support the company's 24/7 identity privileged access management services
  • Ensure the secure and efficient support of identity and access services
  • Execute processes for incident management, change management, problem resolution, and continuous improvement that enable Identity services
  • Continuously monitor IAM privileged access management systems performance and health
  • Respond promptly to system alerts and incidents, troubleshoot issues, and implement solutions
  • Manage and maintain IAM privileged access management systems
  • Implement changes to enhance system efficiency and reduce downtime
  • Maintain documentation of system configurations, procedures, and incident reports
  • Provide regular status updates to management
  • Work closely with IT teams, developers, and stakeholders

Location: United States
Salary: $64.5K - $202.4K / year
Status: Job Closed

Type: Full Time | Remote | Team size: 5,001-10,000 | H1B: Sponsor

  • Investigate alerts into potential threats, both mitigated and unmitigated, ensuring our customers are protected
  • Interact directly with customers who are under attack via phone, email, and/or ticketing systems
  • Provide proactive and real-time guidance to customers on security protocols and defensive security response
  • Document actions taken in incident management systems, knowledge base, or ticketing systems as required
  • Establish yourself as a trusted security advisor internally and externally
  • Engage and support cross-functional teams
  • Collaborate with Product Management and Development on requirements and product release activities
  • Ensure documented processes and procedures are relevant and up to date

Location: Mexico
Status: Job Closed

Cyber Defender, SOC Analyst

Ontinue

AI-Powered MXDR providing continuous protection. Nonstop SecOps.

Type: Full Time | Remote | Team size: 201-500 | H1B: No Sponsor

  • Act as a first responder to emerging threats
  • Work across the full detection and response stack, from identity and endpoints to network and cloud
  • Contribute to improving our detection and response capabilities by collaborating with internal teams and supporting service enhancements
  • Play a key role in investigations, applying expertise to analyse incidents and respond effectively

Location: United Kingdom
Status: Job Closed

Security Operations Engineer

Apollo GraphQL

Apollo is the GraphQL company. Our mission is to empower every developer with a graph.

Type: Other | Remote | Team size: 51-200 | H1B: No Sponsor

  • Advance Apollo’s detection and response strategy in partnership with engineering and IT leadership
  • Implement and maintain adherence to SOC 2 and other cloud security frameworks
  • Handle escalations from Sales and Customer Success, including security questionnaires and customer audits
  • Build and tune monitoring, logging, and alerting systems to improve visibility while reducing noise
  • Drive automation of SecOps workflows to speed up investigation and response
  • Guide secure adoption of AI across Apollo, from internal use by engineers to AI-powered product features
  • Participate in our on-call rotation (we keep this lightweight and reasonable)

Location: United States
Salary: $140K - $200K / year
Status: Job Closed