Staff Product Security Engineer
Quick Summary
GRAIL is seeking a mission-driven and high-impact Staff Product Security Engineer to serve as a technical cornerstone for product security initiatives across the company.
-
GRAIL is seeking a mission-driven and high-impact Staff Product Security Engineer to serve as a technical cornerstone for product security initiatives across the company. Reporting to the Director of Product Security, this role plays a critical part in enabling secure, resilient products that support GRAIL’s life‑saving mission.
As a Staff-level individual contributor, you will lead the technical execution of the Product Security roadmap, partner closely with Engineering and Product teams, and mentor other security engineers. You will influence architecture and development decisions across the product lifecycle, helping teams navigate an evolving threat landscape while maintaining delivery velocity in a regulated environment.
This role is based in Menlo Park, California, and will move to Sunnyvale, California in Fall 2026. GRAIL offers a flexible work arrangement, with the ability to work from GRAIL's office or from home. Our current flexible work arrangement policy requires that a minimum of 60%, or 24 hours, of your total work week be on-site. Your specific schedule, determined in collaboration with your manager, will align with team and business needs and could exceed the 60% requirement for the site.
Embed security into the Secure Software Development Lifecycle (SSDLC) and DevSecOps pipelines, establishing guardrails that balance risk reduction with engineering velocity.
Perform and guide threat modeling, security risk assessments, and architecture reviews across products and enterprise‑connected systems.
Define and enforce security controls for AI- and ML-enabled products, including data protection, model integrity, access controls, and secure pipelines.
Manage, and operate Product Security post-market surveillance activities across GRAIL products and services, from intake through remediation and closure.
Influence secure solution architectures for GRAIL ecosystems, considering system integration, access control (IAM), key management (KMS), secure data flows, resilience, patch management, and recovery.
Scope, oversee, and review penetration testing and advanced security testing activities across software, systems, and infrastructure.
Serve as a product security subject matter expert during incident response, root cause analysis, and post‑incident improvements.
Partner with Product, Engineering, Quality, Legal, and other stakeholders to ensure alignment with regulatory and industry cybersecurity requirements.
Define, track, and report product security metrics and KPIs to provide visibility into security posture and risk trends.
Mentor and coach engineers, contributing to the growth of product security capabilities and future technical leaders at GRAIL.
Hands-on experience leading threat modeling, security risk assessments, and vulnerability management for complex software products.
Experience embedding security into modern software development environments, including CI/CD and DevSecOps practices.
Experience supporting security incident response and conducting root cause analysis in production environments.
Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field, or equivalent practical experience.
Responsibilities
~1 min readKnowledge of relevant standards and frameworks such as IEC 62304, ISO 14971, ISO 80001-2, NIST, and FDA pre‑ and post‑market cybersecurity guidance.
Experience securing AI/ML systems, including mitigating risks such as data poisoning, model manipulation, and unauthorized access.
Demonstrated experience delivering cybersecurity programs, including tabletop exercises and cross‑functional incident simulations.
Professional security certifications such as OSCP, GPEN, GCIH, GWAPT, or equivalent.
Strong ability to translate technical security risks into business and patient-impact considerations for senior stakeholders.
Experience working with globally distributed teams or international stakeholders.
- →
Occasional travel may be required based on business needs.
Location & Eligibility
Listing Details
- Posted
- June 25, 2026
- First seen
- June 26, 2026
- Last seen
- June 26, 2026
Posting Health
- Days active
- 0
- Repost count
- 0
- Trust Level
- 62%
- Scored at
- June 26, 2026
Signal breakdown
Please let Grailbio know you found this job on Jobera.
3 other jobs at Grailbio
View all →Explore open roles at Grailbio.
Similar Product Security Engineer jobs
View all →
Browse Similar Jobs
Stay ahead of the market
Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.
No spam. Unsubscribe at any time.