Staff Product Security Engineer 4612
Company: GRAIL Inc
Location: Menlo Park
Posted on: January 31, 2026
Job Description:
Our mission is to detect cancer early, when it can be cured. We
are working to change the trajectory of cancer mortality and bring
stakeholders together to adopt innovative, safe, and effective
technologies that can transform cancer care. We are a healthcare
company, pioneering new technologies to advance early cancer
detection. We have built a multi-disciplinary organization of
scientists, engineers, and physicians and we are using the power of
next-generation sequencing (NGS), population-scale clinical
studies, and state-of-the-art computer science and data science to
overcome one of medicine’s greatest challenges. GRAIL is
headquartered in the Bay Area of California, with locations in
Washington, D.C., North Carolina, and the United Kingdom. It is
supported by leading global investors and pharmaceutical,
technology, and healthcare companies. For more information, please
visit grail.com.

GRAIL is seeking a mission-driven and high-impact
Staff Product Security Engineer to serve as a technical cornerstone
for product security initiatives across the company. Reporting to
the Director of Product Security, this role plays a critical part
in enabling secure, resilient products that support GRAIL’s
life-saving mission. As a Staff-level individual contributor, you
will lead the technical execution of the Product Security roadmap,
partner closely with Engineering and Product teams, and mentor
other security engineers. You will influence architecture and
development decisions across the product lifecycle, helping teams
navigate an evolving threat landscape while maintaining delivery
velocity in a regulated environment.

Flexible – Menlo Park (MPK) – 3 days in office

This role is based in Menlo Park, California, and
will move to Sunnyvale, California in Fall 2026. GRAIL offers a
flexible work arrangement, with the ability to work from GRAIL's
office or from home. Our current flexible work arrangement policy
requires that a minimum of 60%, or 24 hours, of your total work
week be on-site. Your specific schedule, determined in
collaboration with your manager, will align with team and business
needs and could exceed the 60% requirement for the site.
Responsibilities:
- Lead product security architecture and security-by-design
  practices across the full product lifecycle, from concept through
  post-market support.
- Embed security into the Secure Software Development Lifecycle
  (SSDLC) and DevSecOps pipelines, establishing guardrails that
  balance risk reduction with engineering velocity.
- Perform and guide threat modeling, security risk assessments, and
  architecture reviews across products and enterprise-connected
  systems.
- Define and enforce security controls for AI- and ML-enabled
  products, including data protection, model integrity, access
  controls, and secure pipelines.
- Manage and operate Product Security post-market surveillance
  activities across GRAIL products and services, from intake through
  remediation and closure.
- Influence secure solution architectures for GRAIL ecosystems,
  considering system integration, access control (IAM), key
  management (KMS), secure data flows, resilience, patch management,
  and recovery.
- Scope, oversee, and review penetration testing and advanced
  security testing activities across software, systems, and
  infrastructure.
- Serve as a product security subject matter expert during incident
  response, root cause analysis, and post-incident improvements.
- Partner with Product, Engineering, Quality, Legal, and other
  stakeholders to ensure alignment with regulatory and industry
  cybersecurity requirements.
- Define, track, and report product security metrics and KPIs to
  provide visibility into security posture and risk trends.
- Mentor and coach engineers, contributing to the growth of product
  security capabilities and future technical leaders at GRAIL.

These responsibilities summarize the role’s primary responsibilities
and are not an exhaustive list. They may change at the company’s
discretion.

Required Qualifications:
- 8 years of experience in product security, cybersecurity,
  application security, or related technical security roles.
- Hands-on experience leading threat modeling, security risk
  assessments, and vulnerability management for complex software
  products.
- Experience embedding security into modern software development
  environments, including CI/CD and DevSecOps practices.
- Experience supporting security incident response and conducting
  root cause analysis in production environments.
- Bachelor’s degree in Cybersecurity, Computer Science, Information
  Systems, or a related field, or equivalent practical experience.

Preferred Qualifications:
- Experience working in regulated environments, including medical
  devices, healthcare, life sciences, or similarly regulated
  industries.
- Knowledge of relevant standards and frameworks such as IEC 62304,
  ISO 14971, ISO 80001-2, NIST, and FDA pre- and post-market
  cybersecurity guidance.
- Experience securing AI/ML systems, including mitigating risks such
  as data poisoning, model manipulation, and unauthorized access.
- Demonstrated experience delivering cybersecurity programs,
  including tabletop exercises and cross-functional incident
  simulations.
- Professional security certifications such as OSCP, GPEN, GCIH,
  GWAPT, or equivalent.
- Strong ability to translate technical security risks into business
  and patient-impact considerations for senior stakeholders.
- Experience working with globally distributed teams or
  international stakeholders.

Physical Demands & Working Environment:
- Ability to work in an office and remote environment under a
  flexible hybrid arrangement.
- Occasional travel may be required based on business needs.

GRAIL Values & Leadership Expectations:
This Staff-level role is expected to model GRAIL’s core values and
LEAD leadership attributes by leading through influence,
collaborating across boundaries, driving results with integrity,
and continuously improving how product security enables patient
impact.

The expected, full-time, annual base pay scale for this
position is $xxxK-$xxxK. This role may be eligible for other forms
of compensation, including an annual bonus and/or incentives,
subject to the terms of the applicable plans and Company
discretion. This range reflects a good-faith estimate of the range
that the Company reasonably expects to pay for the position upon
hire; the actual compensation offered may vary depending on factors
such as the candidate’s qualifications. Employees in this role are
also eligible for GRAIL’s comprehensive and competitive benefits
package, offered in accordance with our applicable plans and
policies. This package currently includes flexible time-off or
vacation; a 401(k) retirement plan with employer match; medical,
dental, and vision coverage; and carefully selected mindfulness
programs. GRAIL is an equal employment opportunity employer, and we
are committed to building a workplace where every individual can
thrive, contribute, and grow. All qualified applicants will receive
consideration for employment without regard to race, color,
religion, national origin, sex, gender, gender identity, sexual
orientation, age, disability, status as a protected veteran, or
any other class or characteristic protected by applicable federal,
state, and local laws. Additionally, GRAIL will consider for
employment qualified applicants with arrest and conviction records
in a manner consistent with applicable law and provide reasonable
accommodations to qualified individuals with disabilities. Please
contact us at [email protected] if you require an accommodation to
apply for an open position. GRAIL maintains a drug-free workplace.
We welcome job-seekers from all backgrounds to join us!