Senior Application Security Engineer - #2487

Menlo Park, CA
Computer Science and Software Engineering – Security
GRAIL is a healthcare company whose mission is to detect cancer early, when it can be cured. GRAIL is focused on alleviating the global burden of cancer by developing pioneering technology to detect and identify multiple deadly cancer types early. The company is using the power of next-generation sequencing, population-scale clinical studies, and state-of-the-art computer science and data science to enhance the scientific understanding of cancer biology, and to develop its multi-cancer early detection blood test. GRAIL is headquartered in Menlo Park, CA with locations in Washington, D.C., North Carolina, and the United Kingdom. GRAIL, LLC is a wholly-owned subsidiary of Illumina, Inc. (NASDAQ:ILMN). For more information, please visit

We are hiring an Application Security Engineer for the newly formed Appsec team. In this role, you will work closely with engineering teams that build software to support all of GRAIL’s Commercial Cloud software applications, tools and critical Appsec services (IAM & AWS services). We are looking for folks who are excited about pragmatic risk, continuous operational improvement and customer-centric security experiences. This is an excellent opportunity to join a fast-paced, high-growth, high-impact group and apply new technologies and approaches to define, identify, evaluate, and maintain security for software solutions.

You Will:

    • Work within a team of engineers to deliver new features and tools
    • Work closely with product owners to transform roadmap items into functional software
    • Develop, implement, and maintain identity and access management solutions and the AWS cloud platform
    • Improve identity and access management solutions and systems to protect against evolving threats and to increase efficiency
    • Coach other members of the organization on the best practices that should be followed in identity and access management
    • Stay up-to-date on current IAM threats and industry solutions
    • Uphold code reviews across all code platforms
    • Take charge of the bug intake and remediation process for the organization
    • Develop, configure and implement tooling to support DevSecOps processes including SAST, DAST, IAST, and SCA, in partnership with DevOps
    • Discover security exposures, develop mitigation plans, and report and fix technical debt

Your Background Includes:

    • Strong AWS Security experience (AWS Certification is a huge plus) and Application Security Standards
    • Programming skills in Java and Go
    • Deep understanding of security principles including encryption, OAuth, etc.
    • Extensive knowledge and experience with identity and access management technology, such as single sign-on (SSO), two-factor authentication, privileged access management, etc.
    • Comprehensive knowledge and experience with authentication standards and technologies such as multi-factor authentication, JSON Web Token (JWT), etc.
    • Experience in Okta, Auth0 would be a plus
    • Experience with SAST, DAST tools
    • The ability to collaborate and communicate effectively in all areas of the organization
    • Working closely with cross-functional teams (Engineering, DevOps, Product) while carrying out daily tasks
    • Bachelor's or Master's degree in Computer Science, Electrical Engineering, Bioinformatics, or similar technical field
    • Experience building and deploying applications to AWS or any cloud service provider would be a plus

GRAIL is an Equal Employment Office and Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status. We will reasonably accommodate all individuals with disabilities so that they can participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Following extensive monitoring, consideration of business implications, and advice from internal and external experts, GRAIL US has made the decision to require that all U.S. employees be “Fully Vaccinated” with the COVID-19 vaccine and “Up to Date” with any recommended booster. “Fully Vaccinated” is defined as two weeks after both doses of a two-dose vaccine (e.g. Pfizer or Moderna) or two weeks since a single-dose vaccine (e.g. Johnson & Johnson) has been administered; “Up to Date” means having timely received any COVID-19 vaccine booster(s) in accordance with CDC guidelines. Absent a qualifying exemption, all GRAIL US employees are to comply with this requirement, including providing documentation of such vaccination status, as a condition of employment. Anyone unable to be vaccinated, either because of a sincerely held religious belief or a medical condition or disability that prevents them from being vaccinated, can request a reasonable accommodation for consideration by GRAIL.