Security Engineering & Operations Lead - Remote (Portugal)

Company Description

At Lifebit, we carve our own path. Trusted by Governments and world-leading pharma institutions and funded with $70m, we are on a mission to harness the power of connected data and bring precision medicine to life globally. The key to saving human lives is providing researchers across the globe with the right data to develop more precise drugs faster.

Generating large amounts of biomedical data has become relatively straightforward. The challenge now is finding, accessing and analysing this sensitive data stored across thousands of disconnected locations. It is frustrating and painfully difficult for researchers.

Lifebit has created a patented, federated technology that brings analysis and computation to where data resides. This enables researchers to run analyses on multiple, distributed datasets in-situ, avoiding the risky movement of highly-sensitive data.

Our Federated AI Platform is trusted by federal agencies, national health systems, and global pharma to securely unlock sensitive biomedical and real-world data at scale. We help federal health institutions modernize data utilization and analytics in highly protected environments, supporting mission-critical federal programs and transforming how secure health data drives public health and research.

Our technology is unmatched and momentum is on our side - and we need an exceptionally strong team to help boost Lifebit to incredible new heights.

Your Impact

As the Security Engineering & Operations Lead (Principal IC), you will own and run security across Lifebit’s cloud infrastructure, platform, and operational processes.

You will be designing and implementing security controls, reviewing infrastructure-as-code, running incident response, and ensuring our security posture meets regulatory expectations because the systems are genuinely secure.

You will be accountable for security engineering, security operations, and supporting compliance efforts: setting direction, making priority calls, driving execution end-to-end, and ensuring outcomes. You will define and enforce security standards, and work closely with engineering and compliance teams to manage risk and maintain trust across our global infrastructure — without relying on a more senior security leader for day-to-day guidance.

s, and work closely with engineering and compliance teams to manage risk and maintain trust across our global infrastructure — without relying on a more senior security leader for day-to-day guidance.

Your Role and Responsibilities

Hands-on Security Engineering

Design, implement, and operate cloud security controls across AWS using Infrastructure-as-Code (Terraform, Pulumi, or equivalent).

Personally review and contribute to Terraform, Kubernetes, and CI/CD configurations with a security lens.

Secure AWS IAM, networking (VPCs, private connectivity, service-to-service auth), and cloud-native services.

Define and enforce Kubernetes security standards (RBAC, isolation, secrets management, runtime security).

Perform hands-on threat modelling of platform components, data flows, and federated execution patterns.

Security Operations & Incident Response

Own vulnerability management end-to-end: detection, prioritization, remediation, and verification.

Design and operate security monitoring, logging, and alerting (SIEM, cloud-native tooling).

Act as incident commander for security incidents, coordinating investigation, containment, remediation, and post-incident reviews.

Build and maintain practical incident response playbooks and on-call processes.

Continuously harden systems through patching, configuration management, and proactive risk reduction.

Establish operating cadence and governance for SecOps (triage, prioritisation, SLAs, change control, post-incident reviews) and drive follow-through to closure.

Own the backlog and roadmap for detection & response: decide what gets built next, why, and how success will be measured.

Compliance & Risk (Engineering-led)

Partner with Compliance and Legal to support ISO 27001, SOC 2, GDPR, HIPAA, and FedRAMP requirements.

Translate compliance controls into concrete technical implementations rather than policies alone.

Provide evidence and technical explanations during audits based on real system behavior.

Maintain risk assessments that are grounded in architecture, threat models, and operational reality.

Ensure security operations align with regulatory expectations without introducing unnecessary bureaucracy.

Translate risk into clear, prioritised engineering work: write requirements, unblock execution, and communicate trade-offs to stakeholders.

Create and maintain a pragmatic control framework that scales (policies, standards, exceptions, and evidence collection), with clear owners and timelines.

Leadership & Enablement

Set security standards and guardrails that engineering teams can realistically adopt.

Mentor engineers on secure design, cloud security, incident response, and vulnerability management.

Drive a culture of shared ownership for security across engineering.

Communicate clearly with both technical teams and executive stakeholders during incidents and risk discussions.

Influence senior engineering and product stakeholders through crisp recommendations, data, and risk-based narratives—often without direct authority.

Be the security “single-threaded owner” for operational readiness: ensure teams know what “good” looks like and that it’s consistently met.

Continuous Improvement

Automate security monitoring, detection, and remediation wherever possible.

Identify systemic risks and eliminate them at the architecture or platform level.

Stay current on emerging threats in cloud-native, data, and platform security.

Design scalable, low-toil processes and automation that reduce noise and improve signal (alert quality, tuning, runbooks, metrics).

Continuously evaluate tooling and vendors; build business cases and implement improvements end-to-end (selection → rollout → adoption → measurement).

Requirements

BSc in Network Engineering, Cybersecurity, Computer Science, or a related advanced technical field.

5+ years of hands-on security experience in a product-based company (not purely consulting or audit).

Deep understanding of cloud environments (AWS, Azure, or GCP) and network security architectures.

Demonstrated experience as the primary owner of a security operations function (building and running it), not just a contributor within a larger security org.

Strong judgment and autonomy: able to make priority decisions under ambiguity and drive outcomes without “waiting for direction.”

Hands-on experience with SIEM, IDS/IPS, firewalls, endpoint protection, and log aggregation systems.

Strong background in incident response, risk assessment, and vulnerability management.

Familiarity with containerized environments (Docker, Kubernetes) and secure DevOps practices.

Proven ability to design and operate in highly regulated, compliance-driven environments.

Track record of partnering with engineering to deliver measurable security improvements (MTTR, coverage, control effectiveness, audit readiness).

Preferred Qualifications

MSc in Network Engineering, Cybersecurity, Computer Science, or a related advanced technical field.

Experience managing global security operations in a cloud-first or federated data organization.

2+ years of experience in a managerial position.

Certifications such as CISSP, CISM, or CCSP.

Experience working with privacy-preserving technologies and encrypted computation.

Strong cross-functional collaboration skills, capable of influencing without direct authority.

Excellent written and verbal communication skills across technical and executive levels.

What We Offer

Lifebit is synonymous with a dynamic work culture that encourages both personal and professional growth. Our mission-driven organization is dedicated to making a significant impact in science and healthcare.

We provide a comprehensive benefits package, including:

Compensation: Your work is rewarded with a competitive salary and performance-based incentives.

Professional Development: You are granted an annual personal development budget of £1,000 and access to leading industry conferences, training, and certifications.

Flexible Working: Receive 21-25 days of annual leave and fully remote work to maintain a healthy work-life balance.

Diverse Team Culture: Join an international and diverse team passionate about transforming healthcare through data.

Deep Technology & Science: Get exposure to problems and applications in the cloud, data analysis, ML, life sciences, and big data fields.

Join us at Lifebit for a career that promises to be your next significant venture, dedicated to advancing the scientific and healthcare fields by delivering transformative platforms for aging, defense health, and biomedical research. Don't miss the chance to be part of our mission!

Life at Lifebit

Lifebit is dedicated to fostering an environment where employees can flourish, valuing individual strengths, skills, and passions. We prioritize health and well-being, offering comprehensive benefits and support. Our remote-first work model encourages virtual collaboration to maximize creativity and innovation, with flexibility for remote work as needed. Lifebit is proud to be an equal opportunity employer, committed to diversity, equity, and inclusion.

Join us in reshaping the future of data analysis and technology integration.

Location: Anywhere in Portugal (Remote)