Lead technical execution of product security initiatives, embed security practices, perform risk assessments, and mentor engineers while ensuring compliance with industry standards.
Our mission is to detect cancer early, when it can be cured. We are working to change the trajectory of cancer mortality and bring stakeholders together to adopt innovative, safe, and effective technologies that can transform cancer care.
We are a healthcare company, pioneering new technologies to advance early cancer detection. We have built a multi-disciplinary organization of scientists, engineers, and physicians and we are using the power of next-generation sequencing (NGS), population-scale clinical studies, and state-of-the-art computer science and data science to overcome one of medicine’s greatest challenges.
GRAIL is headquartered in the bay area of California, with locations in Washington, D.C., North Carolina, and the United Kingdom. It is supported by leading global investors and pharmaceutical, technology, and healthcare companies.
For more information, please visit grail.com
GRAIL is seeking a mission-driven and high-impact Staff Product Security Engineer to serve as a technical cornerstone for product security initiatives across the company. Reporting to the Director of Product Security, this role plays a critical part in enabling secure, resilient products that support GRAIL’s life‑saving mission.
As a Staff-level individual contributor, you will lead the technical execution of the Product Security roadmap, partner closely with Engineering and Product teams, and mentor other security engineers. You will influence architecture and development decisions across the product lifecycle, helping teams navigate an evolving threat landscape while maintaining delivery velocity in a regulated environment.
Flexible – Menlo Park (MPK) – 3 days in office
This role is based in Menlo Park, California, and will move to Sunnyvale, California in Fall 2026. GRAIL offers a flexible work arrangement, with the ability to work from GRAIL's office or from home. Our current flexible work arrangement policy requires that a minimum of 60%, or 24 hours, of your total work week be on-site. Your specific schedule, determined in collaboration with your manager, will align with team and business needs and could exceed the 60% requirement for the site.
Responsibilities
- Lead product security architecture and security-by-design practices across the full product lifecycle, from concept through post‑market support.
- Embed security into the Secure Software Development Lifecycle (SSDLC) and DevSecOps pipelines, establishing guardrails that balance risk reduction with engineering velocity.
- Perform and guide threat modeling, security risk assessments, and architecture reviews across products and enterprise‑connected systems.
- Define and enforce security controls for AI- and ML-enabled products, including data protection, model integrity, access controls, and secure pipelines.
- Manage, and operate Product Security post-market surveillance activities across GRAIL products and services, from intake through remediation and closure.
- Influence secure solution architectures for GRAIL ecosystems, considering system integration, access control (IAM), key management (KMS), secure data flows, resilience, patch management, and recovery.
- Scope, oversee, and review penetration testing and advanced security testing activities across software, systems, and infrastructure.
- Serve as a product security subject matter expert during incident response, root cause analysis, and post‑incident improvements.
- Partner with Product, Engineering, Quality, Legal, and other stakeholders to ensure alignment with regulatory and industry cybersecurity requirements.
- Define, track, and report product security metrics and KPIs to provide visibility into security posture and risk trends.
- Mentor and coach engineers, contributing to the growth of product security capabilities and future technical leaders at GRAIL.
These responsibilities summarize the role’s primary responsibilities and are not an exhaustive list. They may change at the company’s discretion.
Required Qualifications
- 8+ years of experience in product security, cybersecurity, application security, or related technical security roles.
- Hands-on experience leading threat modeling, security risk assessments, and vulnerability management for complex software products.
- Experience embedding security into modern software development environments, including CI/CD and DevSecOps practices.
- Experience supporting security incident response and conducting root cause analysis in production environments.
- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field, or equivalent practical experience.
Preferred Qualifications
- Experience working in regulated environments, including medical devices, healthcare, life sciences, or similarly regulated industries.
- Knowledge of relevant standards and frameworks such as IEC 62304, ISO 14971, ISO 80001-2, NIST, and FDA pre‑ and post‑market cybersecurity guidance.
- Experience securing AI/ML systems, including mitigating risks such as data poisoning, model manipulation, and unauthorized access.
- Demonstrated experience delivering cybersecurity programs, including tabletop exercises and cross‑functional incident simulations.
- Professional security certifications such as OSCP, GPEN, GCIH, GWAPT, or equivalent.
- Strong ability to translate technical security risks into business and patient-impact considerations for senior stakeholders.
- Experience working with globally distributed teams or international stakeholders.
Physical Demands & Working Environment
- Ability to work in an office and remote environment under a flexible hybrid arrangement.
- Occasional travel may be required based on business needs.
GRAIL Values & Leadership Expectations
- This Staff-level role is expected to model GRAIL’s core values and LEAD leadership attributes by leading through influence, collaborating across boundaries, driving results with integrity, and continuously improving how product security enables patient impact.
The expected, full-time, annual base pay scale for this position is $169kK-$224K
This role may be eligible for other forms of compensation, including an annual bonus and/or incentives, subject to the terms of the applicable plans and Company discretion. This range reflects a good-faith estimate of the range that the Company reasonably expects to pay for the position upon hire; the actual compensation offered may vary depending on factors such as the candidate’s qualifications. Employees in this role are also eligible for GRAIL’s comprehensive and competitive benefits package, offered in accordance with our applicable plans and policies. This package currently includes flexible time-off or vacation; a 401(k) retirement plan with employer match; medical, dental, and vision coverage; and carefully selected mindfulness programs.
GRAIL is an equal employment opportunity employer, and we are committed to building a workplace where every individual can thrive, contribute, and grow. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender, gender identity, sexual orientation, age, disability, status as a protected veteran, , or any other class or characteristic protected by applicable federal, state, and local laws. Additionally, GRAIL will consider for employment qualified applicants with arrest and conviction records in a manner consistent with applicable law and provide reasonable accommodations to qualified individuals with disabilities. Please contact us at [email protected] if you require an accommodation to apply for an open position.
GRAIL maintains a drug-free workplace. We welcome job-seekers from all backgrounds to join us!
Top Skills
AI
Ci/Cd
Cybersecurity
Devsecops
Iec 62304
Iso 14971
Ml
Ngs
Nist
Security Frameworks
GRAIL Menlo Park, California, USA Office
GRAIL is headquartered in Menlo Park, California, with locations in Washington, D.C., North Carolina, and the United Kingdom. We also have a number of employees who are working remotely. Our bay area office has a employees working in our labs, software engineering, clinical development and more.
Similar Jobs at GRAIL
.png)
Artificial Intelligence • Big Data • Healthtech • Machine Learning • Software • Biotech
The Director of Cybersecurity Operations and Threat Intelligence leads security strategies, SOC management, incident response, and threat intelligence, ensuring robust protection against cyber threats especially in a healthcare context.
Top Skills:
AWSAws Lake FormationDatadog SecurityEdr/XdrIds/IpsSIEMSoarSplunkSumo Logic
Artificial Intelligence • Big Data • Healthtech • Machine Learning • Software • Biotech
As a Staff Software Engineer, you will design and develop secure cloud-native systems, build microservices, mentor engineers, and enhance software for early cancer detection applications.
Top Skills:
AWSAzureDockerGCPGoJavaKafkaKubernetesRabbitMQReact
Artificial Intelligence • Big Data • Healthtech • Machine Learning • Software • Biotech
As a Salesforce Business Analyst, you will distill stakeholder needs into business requirements, manage regulatory risks, and support software development processes for GRAIL's Salesforce platform.
Top Skills:
AgileConfluenceJIRASalesforce
What you need to know about the San Francisco Tech Scene
San Francisco and the surrounding Bay Area attracts more startup funding than any other region in the world. Home to Stanford University and UC Berkeley, leading VC firms and several of the world’s most valuable companies, the Bay Area is the place to go for anyone looking to make it big in the tech industry. That said, San Francisco has a lot to offer beyond technology thanks to a thriving art and music scene, excellent food and a short drive to several of the country’s most beautiful recreational areas.
Key Facts About San Francisco Tech
- Number of Tech Workers: 365,500; 13.9% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Google, Apple, Salesforce, Meta
- Key Industries: Artificial intelligence, cloud computing, fintech, consumer technology, software
- Funding Landscape: $50.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Sequoia Capital, Andreessen Horowitz, Bessemer Venture Partners, Greylock Partners, Khosla Ventures, Kleiner Perkins
- Research Centers and Universities: Stanford University; University of California, Berkeley; University of San Francisco; Santa Clara University; Ames Research Center; Center for AI Safety; California Institute for Regenerative Medicine
