What you’ll be doing:
- Design, implement, and maintain secure cloud infrastructure and configurations across AWS and GCP, aligned with HIPAA, GDPR, and internal security standards.
- Own and continuously improve Sword’s cloud security posture, leveraging CSPM, CWPP, and CNAPP capabilities to proactively identify and mitigate risks across cloud infrastructure, workloads, and identities.
- Act as a subject matter expert in Identity and Access Management (IAM), including RBAC design, least-privilege models, service accounts, workload identities, role lifecycle management, and access reviews across cloud environments.
- Monitor cloud environments for security threats, vulnerabilities, and misconfigurations, ensuring timely and effective detection and response.
- Lead and support incident response activities, including log analysis, forensic support, root cause analysis (RCA), post-incident reviews, and long-term remediation planning.
- Evaluate, design, and ensure the availability and quality of logging, monitoring, and traceability data sources required for effective security operations and investigations.
- Provide guidance on compensatory and mitigative controls, applying risk-based decision-making when ideal controls are not immediately feasible.
- Own the end-to-end vulnerability management lifecycle, applying risk-based judgment beyond CVE severity by considering exploitability, asset criticality, exposure, business context, and operational trade-offs, while clearly communicating prioritization decisions, managing remediation timelines, and driving vulnerabilities to closure in close collaboration with engineering teams.
- Lead and operate key cloud security platforms and services, including Wiz, Google Security Command Center, and related detection and posture management tooling.
- Partner with Infrastructure and Engineering teams to build security automation, infrastructure-as-code controls, and scalable security guardrails using scripting and automation (Python, n8n, Bash, etc.), including Terraform-based controls, Kubernetes security configurations, and CLI-driven workflows to enforce secure-by-default cloud and platform environments.
- Define, track, and report security metrics and KPIs, such as cloud posture maturity, vulnerability remediation SLAs, detection coverage, IAM hygiene, and incident response effectiveness, enabling data-driven security decisions.
- Develop, document, and evangelize cloud security standards, patterns, and best practices, driving consistent adoption across teams.
- Operate with an engineering-first, efficiency-oriented mindset, continuously seeking ways to reduce toil, automate controls, and scale security without unnecessary friction.
What you need to have:
- Required: Public Trust Clearance - Candidates must be able to obtain and maintain a US public trust clearance.
- Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience.
- 5+ years of hands-on experience in cloud security, with strong exposure to AWS and GCP.
- Deep understanding of IAM concepts and implementations, including RBAC, least privilege, identity federation, service/workload identities, and access governance.
- Proven experience operating CSPM, CWPP, and CNAPP solutions in production cloud environments.
- Strong knowledge of cloud security fundamentals: networking, encryption, logging, monitoring, and secure configuration management.
- Proficiency in scripting and automation (Python, Bash) with an infrastructure-as-code and automation mindset, including hands-on experience with Terraform, cloud and Kubernetes CLIs, and operational workflows to manage, audit, and enforce security controls at scale.
- Experience with cloud security tools such as Wiz, Google Security Command Center, AWS Security Hub, GuardDuty, and SIEM platforms.
- Solid understanding of security frameworks and standards such as NIST, CIS, and COBIT, and how to apply them pragmatically.
- Demonstrated ability to perform risk-based vulnerability prioritization, balancing security posture, operational impact, and business needs.
- Experience defining and using security metrics to measure effectiveness and drive continuous improvement.
- Strong problem-solving and analytical skills, with experience leading RCAs and incident reviews.
- Ability to influence cross-functional teams and communicate clearly with both technical and non-technical stakeholders.
- A pragmatic, engineering-driven approach to security, focused on outcomes, scalability, and efficiency.
- Develop and implement AI-assisted automation for cloud security operations, including misconfiguration detection, remediation workflows, and policy enforcement.
- Design secure integrations between cloud platforms and AI tooling to improve visibility and operational efficiency.
- Enable scalable and repeatable security workflows using automation and AI augmentation, particularly in vulnerability and posture management.
- Ensure that AI-driven automation in cloud environments adheres to security, privacy, and data protection standards.
To ensure you feel good solving a big Human problem, we offer:
- A stimulating, fast-paced environment with lots of room for creativity.
- A bright future at a promising high-tech startup company.
- Career development and growth, with a competitive salary.
- The opportunity to work with a talented team and to add real value to an innovative solution with the potential to change the future of healthcare.
- A flexible environment where you can control your hours (remotely) with unlimited vacation.
- Access to our health and well-being program (digital therapist sessions).
- Remote or Hybrid work policy.
Public Trust Clearance:
Candidates must be able to obtain and maintain a US public trust clearance.
Please note that US citizenship is required to obtain and maintain a government security clearance.
