Senior Cloud Security Engineer

What you’ll be doing:

• Design, implement, and maintain secure cloud infrastructure and configurations across AWS and GCP, aligned with HIPAA, GDPR, and internal security standards.
• Own and continuously improve Sword’s cloud security posture, leveraging CSPM, CWPP, and CNAPP capabilities to proactively identify and mitigate risks across cloud infrastructure, workloads, and identities.
• Act as a subject matter expert in Identity and Access Management (IAM), including RBAC design, least-privilege models, service accounts, workload identities, role lifecycle management, and access reviews across cloud environments.
• Monitor cloud environments for security threats, vulnerabilities, and misconfigurations, ensuring timely and effective detection and response.
• Lead and support incident response activities, including log analysis, forensic support, root cause analysis (RCA), post-incident reviews, and long-term remediation planning.
• Evaluate, design, and ensure the availability and quality of logging, monitoring, and traceability data sources required for effective security operations and investigations.
• Provide guidance on compensatory and mitigative controls, applying risk-based decision-making when ideal controls are not immediately feasible.
• Own the end-to-end vulnerability management lifecycle, applying risk-based judgment beyond CVE severity by considering exploitability, asset criticality, exposure, business context, and operational trade-offs, while clearly communicating prioritization decisions, managing remediation timelines, and driving vulnerabilities to closure in close collaboration with engineering teams.
• Lead and operate key cloud security platforms and services, including Wiz, Google Security Command Center, and related detection and posture management tooling.
• Partner with Infrastructure and Engineering teams to build security automation, infrastructure-as-code controls, and scalable security guardrails using scripting and automation (Python, n8n, Bash, etc.), including Terraform-based controls, Kubernetes security configurations, and CLI-driven workflows to enforce secure-by-default cloud and platform environments.
• Define, track, and report security metrics and KPIs, such as cloud posture maturity, vulnerability remediation SLAs, detection coverage, IAM hygiene, and incident response effectiveness, enabling data-driven security decisions.
• Develop, document, and evangelize cloud security standards, patterns, and best practices, driving consistent adoption across teams.
• Operate with an engineering-first, efficiency-oriented mindset, continuously seeking ways to reduce toil, automate controls, and scale security without unnecessary friction.

To ensure you feel good solving a big Human problem, we offer:

• A stimulating, fast-paced environment with lots of room for creativity.
• A bright future at a promising high-tech startup company.
• Career development and growth, with a competitive salary.
• The opportunity to work with a talented team and to add real value to an innovative solution with the potential to change the future of healthcare.
• A flexible environment where you can control your hours (remotely) with unlimited vacation.
• Access to our health and well-being program (digital therapist sessions).
• Remote or Hybrid work policy.
• To get to know more about our Tech Stack, check here.

Portugal - Sword Benefits & Perks: