Principal Security Architect (Director of Security Engineering)

GRAIL is a healthcare company whose mission is to detect cancer early, when it can be cured. GRAIL is focused on alleviating the global burden of cancer by developing pioneering technology to detect and identify multiple deadly cancer types early. The company is using the power of next-generation sequencing, population-scale clinical studies, and state-of-the-art computer science and data science to enhance the scientific understanding of cancer biology, and to develop its multi-cancer early detection blood test. GRAIL is headquartered in Menlo Park, CA with locations in Washington, D.C., North Carolina, and the United Kingdom. GRAIL, LLC is a wholly-owned subsidiary of Illumina, Inc. (NASDAQ:ILMN). For more information, please visit www.grail.com.
As a Principal Security Architect at GRAIL, you will help shape the technical security roadmap. You’ll enjoy working on a broad array of applications, clinical data, innovative technologies, infrastructure-as-a-service, and genomic-related software systems. We pride ourselves on building effective, efficient, easy-to-use, and scalable clinical-compliant software systems to address GRAIL’s many computational and automation-related challenges.

Responsibilities include:

• Designing and presenting the security architecture and controls for applications across multiple teams and systems.
• Analyzing, developing, and reviewing security aspects of a system architecture
• Participating in the development of the security architecture guiding principles, policies, best practices, and standards.
• Driving the best security practices for use throughout the enterprise
• Define and drive the development of security frameworks, and other technologies for use.
• Developing threat models to identify risks, and prioritize improvements to our architecture.
• Educating peers on applying the latest security technologies when developing new services, systems, and applications.
• Be a technical mentor for other engineers

Your background should include:

• Bachelors or Masters or Ph.D. degree in Computer Science, Engineering, Bioinformatics, Data Science, AI, or a similar technical field.
• At least 15+ years of industry work experience designing, developing and maintaining disparate security architectures.
• Demonstrated effective written and verbal communication skills.
• Demonstrated leadership and self-direction!
• A standout colleague and collaborator!
• At least 4 years implementing services on cloud infrastructure and leading security
• Solid understanding of AWS with experience implementing, reviewing, and strengthening new or existing deployments specifically with technologies like IAM, Config, KMS, Inspector, CloudWatch, GuardDuty, and WAF.
• Experience with Infrastructure-as-Code products like Terraform and CloudFormation.
• Experience with compliance controls from standards like ISO 27001, PCI, SOC2, HiTrust, etc.
• Experience with Open Source tooling and cloud-native tooling to meet security architecture requirements.
• Deep understanding of security principles including encryption, authentication, vulnerabilities, threats, etc.
• Proven understanding of networking protocols
• Security certifications such as AWS Security Specialty
• Experience with threat modeling techniques, SIPOC, Dataflow, and Zero Trust methodology

Bonus points:

• AWS Certification such as the Architect
• Market leader certifications like CISSP, CCSP, GPCS, etc.
• Experience with healthcare and genomics

GRAIL is an Equal Employment Office and Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status. We will reasonably accommodate all individuals with disabilities so that they can participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
Following extensive monitoring, research, consideration of business implications, and advice from internal and external experts, GRAIL has made the decision to require all U.S. employees receive the COVID-19 vaccines as a condition of employment. “Full vaccination” is defined as two weeks after both doses of a two-dose vaccine or two weeks since a single-dose vaccine has been administered. Anyone unable to be vaccinated, either because of a sincerely held religious belief or a medical condition or disability that prevents them from being vaccinated, can request a reasonable accommodation.