Application Security Engineer

Menlo Park, CA, United States
Jul 12, 2021
Biotech Bay
Required Education
Bachelors Degree
Position Type
Full time

GRAIL is a healthcare company whose mission is to detect cancer early, when it can be cured. GRAIL is focused on alleviating the global burden of cancer by developing pioneering technology to detect and identify multiple deadly cancer types early. The company is using the power of next-generation sequencing, population-scale clinical studies, and state-of-the-art computer science and data science to enhance the scientific understanding of cancer biology, and to develop its multi-cancer early detection blood test. GRAIL is headquartered in Menlo Park, CA with locations in Washington, D.C., North Carolina, and the United Kingdom. It is supported by leading global investors and pharmaceutical, technology, and healthcare companies. For more information, please visit

Join GRAIL's existing security team to build security into both of our Software Development and Production Processes. You will have the opportunity to collaborate with cross-functional teams including Engineering, Clinical, and Lab Operations to document security needs in Application Requirements, and implementing testing strategies and systems to ensure our Products protect our patients, partners and GRAIL information. You will be in a position to help ensure GRAIL protects the information we receive as part of our mission to help detect cancer!

You Will:

• Augment the security team in evaluating current and proposed software implementations to assess security risk, as well as propose and implement solutions.
• Develop technical solutions to minimize security risk such as expand security testing automation and integrations in the CI/CD pipelines.
• Collaborate with cross-functional teams (engineering, clinical, R&D, and Quality teams) to develop best practices.
• Be an advocate for protecting user data and privacy.

Your Background Includes:

• Bachelors degree in Information Technology, Computer Science or other relative field.
• 5+ years working in a software engineering related area (development, QA, Systems Architecture, Systems Administration, etc) with at least 2 years working in a security subject area (Application Security, Pentesting, Risk/Compliance, Training, etc.)
• Significant OWASP, or other Software/Product Security paradigm experience.
• Solid understanding of threat modeling techniques such as RTMP, PASTA, STRIDE, etc.
• Deep understanding of security principles including encryption, authentication, etc.
• Experience building security controls in a CI/CD environment.
• AWS, Azure or Google Cloud experience.
• Be curious and driven to learn new technology and science.
• Demonstrated effective written and verbal communication skills.
• Demonstrated leadership and self-direction.
• Demonstrated willingness to both teach others and learn new techniques.


• Experience with Go.
• Security Certifications such as GIAC Certified Web Application Defender or similar.
• Experience with Infrastructure-as-Code products, like Terraform and CloudFormation.
• AWS Certification such as the Architect or Security Speciality.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

GRAIL, Inc. and its affiliates and subsidiaries ("GRAIL") does not accept any liability for fees for resumes from recruiters or employment agencies ("Agency"), without a binding, written recruitment agreement between GRAIL and Agency describing the services and specific job openings ("Agreement"). GRAIL may consider any candidate for whom an Agency has submitted an unsolicited resume and explicitly reserves the right to hire those candidate(s) without any financial obligation to the Agency, unless an Agreement is in place. Any email or verbal contacts with any person within GRAIL is inadequate to create a binding agreement. Agencies without an Agreement are requested not to contact any hiring managers of GRAIL with recruiting inquiries or resumes. Agencies interested in partnering with GRAIL may contact GRAIL's HR Department through our Customer Service team .