Security Operations Lead (SecOps)

At Sword, we’re building AI to heal billions and unlock humanity’s full potential. As Security Operations Lead, you'll lead our SecOps squad and own how Sword detects, investigates, and responds to threats. You'll help structure how this function operates — setting the direction on SIEM architecture, detection engineering, and incident response — and use automation and AI to scale a focused team across a fast-growing, multi-continent footprint.

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, or equivalent professional experience.
• Proven experience scaling a SOC through automation and AI — SOAR, hyperautomation, LLM-assisted triage, agentic workflows, or ML-driven detection — with measurable impact on MTTR, coverage, or analyst leverage.
• Hands-on experience structuring a SOC, either building one from the ground up or maturing one through significant transformation — SIEM selection, implementation or migration, detection engineering practice, runbook libraries, on-call rotations, and operating metrics.
• Deep SIEM expertise (Splunk, Sentinel, Chronicle, Elastic, or similar) — ingestion architecture, detection-as-code, query optimization, and coverage-versus-cost tradeoffs.
• Prior experience as the technical lead of a SOC or CSIRT team — owning the full incident response lifecycle, mentoring analysts and engineers, and acting as on-call/incident commander during major incidents.
• Strong incident response track record — leading high-severity investigations, root cause analysis, digital forensics, and post-incident reviews that produced durable improvements.
• Solid experience in cloud environments (AWS and/or GCP), with strong understanding of cloud-native threats and controls.
• Strong scripting and development skills (Python, Go, Bash, or similar) for building automation, integrations, and internal tooling.
• Working knowledge of EDR/XDR, identity, and network detection telemetry, and how to combine signals into high-fidelity detections.
• Fluency with security frameworks and standards (NIST 800-61, CIS Controls, MITRE ATT&CK, ISO 27001) and the judgment to apply them pragmatically.
• Background in threat modeling, adversary emulation, and risk-based alert tuning.
• Excellent communicator — able to brief executives during a Sev1, write a clear post-mortem, and translate technical risk into business language for non-technical audiences.
• Proven track record of leading cross-functional efforts in high-pressure situations and fostering collaboration across InfoSec, IT, and engineering.
• Forensics experience, investigating incidents and preserving digital evidence.

Benefits

• Health, dental and vision insurance
• Meal allowance
• Equity shares
• Remote work allowance
• Flexible working hours
• Work from home
• Discretionary vacation
• Snacks and beverages