Security Operations Lead (SecOps)

Remote

Full time

Middle

Remote, Portugal

PythonToolingIncident ResponsedetectionDetection Engineeringquery optimizationRoot Cause AnalysisSecOpssecurity frameworksSecurity OperationsSecurity Operations CenterSIEMBuilding AutomationSecurity Operations EngineerSecurity DevOps Engineer

4,200 – 6,600 $

Job description

At Sword, we’re building AI to heal billions and unlock humanity’s full potential. As Security Operations Lead, you'll lead our SecOps squad and own how Sword detects, investigates, and responds to threats. You'll help structure how this function operates — setting the direction on SIEM architecture, detection engineering, and incident response — and use automation and AI to scale a focused team across a fast-growing, multi-continent footprint.

Requirements

Bachelor’s degree in Computer Science, Cybersecurity, or equivalent professional experience.
Proven experience scaling a SOC through automation and AI — SOAR, hyperautomation, LLM-assisted triage, agentic workflows, or ML-driven detection — with measurable impact on MTTR, coverage, or analyst leverage.
Hands-on experience structuring a SOC, either building one from the ground up or maturing one through significant transformation — SIEM selection, implementation or migration, detection engineering practice, runbook libraries, on-call rotations, and operating metrics.
Deep SIEM expertise (Splunk, Sentinel, Chronicle, Elastic, or similar) — ingestion architecture, detection-as-code, query optimization, and coverage-versus-cost tradeoffs.
Prior experience as the technical lead of a SOC or CSIRT team — owning the full incident response lifecycle, mentoring analysts and engineers, and acting as on-call/incident commander during major incidents.
Strong incident response track record — leading high-severity investigations, root cause analysis, digital forensics, and post-incident reviews that produced durable improvements.
Solid experience in cloud environments (AWS and/or GCP), with strong understanding of cloud-native threats and controls.
Strong scripting and development skills (Python, Go, Bash, or similar) for building automation, integrations, and internal tooling.
Working knowledge of EDR/XDR, identity, and network detection telemetry, and how to combine signals into high-fidelity detections.
Fluency with security frameworks and standards (NIST 800-61, CIS Controls, MITRE ATT&CK, ISO 27001) and the judgment to apply them pragmatically.
Background in threat modeling, adversary emulation, and risk-based alert tuning.
Excellent communicator — able to brief executives during a Sev1, write a clear post-mortem, and translate technical risk into business language for non-technical audiences.
Proven track record of leading cross-functional efforts in high-pressure situations and fostering collaboration across InfoSec, IT, and engineering.
Forensics experience, investigating incidents and preserving digital evidence.

Benefits

Health, dental and vision insurance
Meal allowance
Equity shares
Remote work allowance
Flexible working hours
Work from home
Discretionary vacation
Snacks and beverages

Match

Good match

We match every vacancy against your profile and show a fit score — so you instantly know which ones are worth applying to. Sign up and create a resume — it's free.