Application Security Engineer

GRAIL is a healthcare company whose mission is to detect cancer early, when it can be cured. GRAIL is focused on alleviating the global burden of cancer by developing pioneering technology to detect and identify multiple deadly cancer types early. The company is using the power of next-generation sequencing, population-scale clinical studies, and state-of-the-art computer science and data science to enhance the scientific understanding of cancer biology, and to develop its multi-cancer early detection blood test. GRAIL is headquartered in Menlo Park, CA with locations in Washington, D.C., North Carolina, and the United Kingdom. It is supported by leading global investors and pharmaceutical, technology, and healthcare companies. For more information, please visit www.grail.com.

Join GRAIL's existing security team to build security into both of our Software Development and Production Processes. You will have the opportunity to collaborate with cross-functional teams including Engineering, Clinical, and Lab Operations to document security needs in Application Requirements, and implementing testing strategies and systems to ensure our Products protect our patients, partners and GRAIL information. You will be in a position to help ensure GRAIL protects the information we receive as part of our mission to help detect cancer!

You Will:

• Augment the security team in evaluating current and proposed software implementations to assess security risk, as well as propose and implement solutions.
• Develop technical solutions to minimize security risk such as expand security testing automation and integrations in the CI/CD pipelines.
• Collaborate with cross-functional teams (engineering, clinical, R&D, and Quality teams) to develop best practices.
• Be an advocate for protecting user data and privacy.

Your Background Includes:

• Bachelors degree in Information Technology, Computer Science or other relative field.
• 5+ years working in a software engineering related area (development, QA, Systems Architecture, Systems Administration, etc) with at least 2 years working in a security subject area (Application Security, Pentesting, Risk/Compliance, Training, etc.)
• Significant OWASP, or other Software/Product Security paradigm experience.
• Solid understanding of threat modeling techniques such as RTMP, PASTA, STRIDE, etc.
• Deep understanding of security principles including encryption, authentication, etc.
• Experience building security controls in a CI/CD environment.
• AWS, Azure or Google Cloud experience.
• Be curious and driven to learn new technology and science.
• Demonstrated effective written and verbal communication skills.
• Demonstrated leadership and self-direction.
• Demonstrated willingness to both teach others and learn new techniques.

BONUS POINTS:

• Experience with Go.
• Security Certifications such as GIAC Certified Web Application Defender or similar.
• Experience with Infrastructure-as-Code products, like Terraform and CloudFormation.
• AWS Certification such as the Architect or Security Speciality.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.