
Staff Product Security Engineer
GRAIL
full-time
Location Type: Hybrid
Location: Menlo Park • California • United States
About the role
- Lead product security architecture and security-by-design practices across the full product lifecycle, from concept through post‑market support.
- Embed security into the Secure Software Development Lifecycle (SSDLC) and DevSecOps pipelines, establishing guardrails that balance risk reduction with engineering velocity.
- Perform and guide threat modeling, security risk assessments, and architecture reviews across products and enterprise‑connected systems.
- Define and enforce security controls for AI- and ML-enabled products, including data protection, model integrity, access controls, and secure pipelines.
- Manage and operate Product Security post-market surveillance activities across GRAIL products and services, from intake through remediation and closure.
- Influence secure solution architectures for GRAIL ecosystems, considering system integration, access control (IAM), key management (KMS), secure data flows, resilience, patch management, and recovery.
- Scope, oversee, and review penetration testing and advanced security testing activities across software, systems, and infrastructure.
- Serve as a product security subject matter expert during incident response, root cause analysis, and post‑incident improvements.
- Partner with Product, Engineering, Quality, Legal, and other stakeholders to ensure alignment with regulatory and industry cybersecurity requirements.
- Define, track, and report product security metrics and KPIs to provide visibility into security posture and risk trends.
- Mentor and coach engineers, contributing to the growth of product security capabilities and future technical leaders at GRAIL.
Requirements
- 8+ years of experience in product security, cybersecurity, application security, or related technical security roles.
- Hands-on experience leading threat modeling, security risk assessments, and vulnerability management for complex software products.
- Experience embedding security into modern software development environments, including CI/CD and DevSecOps practices.
- Experience supporting security incident response and conducting root cause analysis in production environments.
- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field, or equivalent practical experience.
Applicant Tracking System Keywords
Hard Skills & Tools
product security architecture, security-by-design practices, Secure Software Development Lifecycle (SSDLC), DevSecOps, threat modeling, security risk assessments, penetration testing, vulnerability management, data protection, access controls
Soft Skills
mentoring, coaching, influencing, collaboration, communication