Senior Security Operations Engineer

What you’ll be doing:

• Design and continuously improve detection and alerting controls, ensuring high fidelity and contextual relevance to reduce noise and enable rapid response.
• Build, test, and automate incident response playbooks and runbooks, increasing efficiency and consistency across the incident lifecycle.
• Drive prioritization of alerts using a data-driven, scalable triage framework, aligned with business impact and threat context.
• Lead in-depth investigations, including root cause analysis and digital forensics, and convert findings into actionable insights to strengthen detection and resilience.
• Proactively engage in threat intelligence and threat hunting, identifying new tactics, techniques, and procedures (TTPs), enriching existing controls, and feeding insights into the detection pipeline.
• Own incident handling from detection to resolution, collaborating with engineering, IT, and business teams to contain, eradicate, and recover from threats.
• Define and maintain operational metrics for incident response, using them to drive continuous improvement in speed, accuracy, and organizational readiness.

What you need to have:

• Required: Public Trust Clearance - Candidates must be able to obtain and maintain a US public trust clearance.
• Bachelor’s degree in Computer Science, Cybersecurity, or equivalent professional experience.
• Solid experience in cloud environments (AWS, GCP, or Azure), with strong understanding of cloud-native threats.
• Proficiency in scripting languages (e.g., Python, Bash) for automation and tooling development.
• Hands-on experience with SOC tools and platforms, such as SIEM (Splunk, Sentinel, etc.), SOAR, EDR/XDR, and log management.
• Strong understanding of incident containment and eradication strategies, with proven ability to coordinate response with technical teams.
• Familiarity with security frameworks and standards (NIST 800-61, CIS Controls, MITRE ATT&CK, ISO 27001).
• Excellent analytical, critical thinking, and problem-solving skills.
• Ability to consume and synthesize intelligence about actors, techniques or situations to identify emerging risk scenarios.
• Proficiency in process formulation and improvement.
• Background in threat modeling, adversary emulation, and risk-based alert tuning.
• Strong communicator with the ability to explain security risks and actions to both technical and non-technical audiences.
• Proven track record of leading cross-functional efforts in high-pressure situations.
• Ability to foster collaboration across InfoSec, IT, and engineering teams.
• Forensics experience, investigating incidents and preserving digital evidence.
• Leverage AI to automate and optimize security operations workflows, including alert triage, enrichment, and incident classification.
• Design and maintain AI-assisted runbooks, ensuring consistency, auditability, and human-in-the-loop validation for critical decisions.
• Identify opportunities to improve SOC efficiency through AI-driven automation, while maintaining strong controls and avoiding over-reliance on unverified outputs.
• Integrate security tooling with AI platforms and APIs to streamline investigation, response, and reporting processes.
• Enhance vulnerability management and incident response workflows through intelligent prioritization, correlation, and contextualization of findings.
• Continuously evaluate the accuracy, reliability, and security implications of AI-assisted decisions in operational environments.

To ensure you feel good solving a big Human problem, we offer:

• A stimulating, fast-paced environment with lots of room for creativity.
• A bright future at a promising high-tech startup company.
• Career development and growth, with a competitive salary.
• The opportunity to work with a talented team and to add real value to an innovative solution with the potential to change the future of healthcare.
• A flexible environment where you can control your hours (remotely) with unlimited vacation.
• Access to our health and well-being program (digital therapist sessions).
• Remote or Hybrid work policy.
• To get to know more about our Tech Stack, check here.

Public Trust Clearance:

Candidates must be able to obtain and maintain a US public trust clearance.
Please note that US citizenship is required to obtain and maintain a government security clearance.

US - Sword Benefits & Perks: