Director Cybersecurity Operations and Threat Intelligence - #4623

· Remote

Location

Remote

Type

Full Time

Job Description

Menlo Park, CA, USA
Hybrid
224K-322K Annually
Senior level
Artificial Intelligence • Big Data • Healthtech • Machine Learning • Software • Biotech
GRAIL is a healthcare company whose mission is to detect cancer early when it can be cured.
The Role
The Director of Cybersecurity Operations and Threat Intelligence leads security strategies, SOC management, incident response, and threat intelligence, ensuring robust protection against cyber threats, especially in a healthcare context.
Summary Generated by Built In
Our mission is to detect cancer early, when it can be cured. We are working to change the trajectory of cancer mortality and bring stakeholders together to adopt innovative, safe, and effective technologies that can transform cancer care.

We are a healthcare company pioneering new technologies to advance early cancer detection. We have built a multi-disciplinary organization of scientists, engineers, and physicians, and we are using the power of next-generation sequencing (NGS), population-scale clinical studies, and state-of-the-art computer science and data science to overcome one of medicine’s greatest challenges.

GRAIL is headquartered in the Bay Area of California, with locations in Washington, D.C., North Carolina, and the United Kingdom. It is supported by leading global investors and pharmaceutical, technology, and healthcare companies.

For more information, please visit grail.com

We are seeking a strategic and battle-tested Director of Cybersecurity Operations and Threat Intelligence to lead our defensive security strategy. In this pivotal role, you will own the "shield" of the organization, overseeing the Security Operations Center (SOC), Incident Response (IR), and Cyber Threat Intelligence (CTI) functions.

You will be responsible for detecting, analyzing, and neutralizing sophisticated cyber threats while proactively gathering intelligence to predict future attacks. This is a leadership role requiring a balance of deep technical expertise in defensive operations and the ability to communicate risk to executive leadership.

This role requires more than technical proficiency. We are looking for a leader who models GRAIL’s core values, embodies our LEAD leadership attributes, and delivers results with integrity, inclusivity, and strategic insight.

This role is based in Menlo Park, California, and will move to Sunnyvale, California, in Fall 2026. It offers a flexible work arrangement with the ability to work from GRAIL's office or from home. Our current flexible work arrangement policy requires that a minimum of 60%, or 24 hours, of your total work week be on-site. Your specific schedule, determined in collaboration with your manager, will align with team and business needs and could exceed the 60% requirement for the site. At our Menlo Park campus, Tuesdays and Thursdays are the key days where we encourage on-site presence to engage in events and on-site activities.

Responsibilities

  • Security Operations (SecOps) Leadership
  • SOC Management: Direct the 24/7 Security Operations Center (internal or MSSP/MDR), ensuring rapid detection and containment of threats.
  • Incident Response: Serve as the primary commander during high-severity security incidents. Develop and maintain the Incident Response Plan (IRP) and conduct regular tabletop exercises.
  • Tooling & Architecture: Oversee the deployment and optimization of security tooling, including SIEM, SOAR, EDR/XDR, and IDS/IPS systems.
  • Automation: Drive the adoption of automation to reduce alert fatigue and decrease Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
  • Threat Intelligence & Hunting
  • Intelligence Program: Build and mature a Cyber Threat Intelligence (CTI) program that aggregates strategic, operational, and tactical intelligence.
  • Threat Hunting: Lead proactive threat hunting initiatives to identify indicators of compromise (IOCs) that evade automated detection tools.
  • Adversary Analysis: Map threat actor TTPs (Tactics, Techniques, and Procedures) against the MITRE ATT&CK framework to identify gaps in coverage.
  • Vulnerability Management: Collaborate with engineering teams to prioritize patching based on active threat intelligence rather than just CVSS scores.
  • Key responsibilities include:
  • Strategy & Leadership: Develop and execute the Cybersecurity Operations and Threat Intelligence strategy. Lead a team of security professionals and foster a security-aware culture.
  • Cloud Native Defenses: Lead the monitoring and defense of our AWS environment. Oversee the configuration of AWS Security Hub, GuardDuty, Shield, and container security tools (EKS/K8s).
  • SaMD Monitoring: Establish post-market surveillance and monitoring for our Software as a Medical Device (SaMD) platforms, ensuring alignment with FDA pre- and post-market cybersecurity guidance.
  • Data Integrity: Implement specific monitoring controls to detect unauthorized changes to genomic datasets (integrity attacks) and analysis pipelines.
  • Lab Ops Defense: Secure the "physical" edge. Monitor and protect Laboratory Information Management Systems (LIMS), DNA sequencers, and liquid handling robots.
  • Network Segmentation: Ensure segmentation between corporate IT, the Cloud Product environment, and the high-sensitivity Lab OT network, with signals from each feeding into the SOC.
  • Legacy Device Management: Develop "compensating controls" and monitoring strategies for lab equipment that cannot be patched or runs on a legacy OS.
  • Bio-Espionage Focus: Develop a Threat Intelligence program specifically tuned to detect IP theft, industrial espionage, and state-sponsored threats targeting genomic data.
  • Proactive Hunting: Lead threat hunts across petabytes of genomic data storage and compute environments to identify dormant threats or supply chain compromises.
  • Vulnerability Prioritization: Contextualize vulnerabilities based on clinical risk (e.g., “Does this vulnerability impact the accuracy of a patient report?”).
  • Clinical Continuity: Design Incident Response (IR) plans that prioritize patient safety and lab uptime. Run tabletop exercises simulating ransomware in the lab or data corruption in the cloud.
  • Forensics: Lead forensic investigations with a chain-of-custody approach suitable for regulatory reporting (HIPAA/GDPR) and potential legal action.
  • Compliance & Governance: Ensure product adherence to relevant security regulations and industry standards. Stay updated on security trends and work with security, IT, and legal teams.
  • Incident Management: Work with the Incident Management team to integrate Lab Software and Enterprise cyber threats into incident response procedures and the enterprise Cyber Incident Response Plan (C-IRP).
  • Reporting and Performance Monitoring: Define product security KPIs and present Cybersecurity operations and threat intelligence reports to senior management.
  • Collaboration & Communication: Partner with various teams to integrate security into the cybersecurity operations and threat intelligence roadmap. Communicate security topics effectively and build relationships with internal and external partners.
  • Collaboration with Stakeholders: Build strong relationships with IT, product, software, quality, and security teams, internal departments, external parties, and third-party vendors to ensure effective governance and compliance practices.
  • Continuous Improvement: Evaluate current product security processes and identify opportunities for enhancements to improve efficiency and effectiveness.
  • Strategic Execution & Business Impact
  • Translate business objectives into technical strategies that reduce risk, align with regulations, and enable innovation.
  • Build and evolve stakeholder and team relationships across business units and geographies, ensuring the delivery of tailored, high-value solutions.
  • Serve as lead for key cybersecurity initiatives and milestones while ensuring stakeholder preparedness and training for execution.
  • Team Leadership & People Development
  • Inspire and build inclusive, high-performing teams that thrive in fast-paced and ambiguous environments.
  • Mentor future leaders, create growth pathways, and embed feedback-rich, talent-building practices.
  • Promote a collaborative culture that empowers individuals and celebrates curiosity and impact.
  • LEADership Attributes in Action
  • This Director level role is expected to lead through the LEAD framework:
  • L: Lead by Example - Model trust, consistency, and resilience. Navigate ambiguity and manage conflict constructively.
  • E: Engage Others - Inspire mission alignment, communicate effectively across all levels, and develop talent through coaching and feedback.
  • A: Achieve Results - Drive execution through accountability, collaboration, and a clear sense of ownership—even when facing setbacks.
  • D: Develop the Business - Address complex problems with clarity and innovation. Balance the needs of patients, clients, and partners in every decision.
  • GRAIL Core Values & Expected Behaviors
  • This Director level leader must live GRAIL’s values in every engagement:
  • Be Courageous - Challenge the status quo, step up to address difficult issues, and support others who do the same.
  • Solve Problems Together - Collaborate across boundaries, bring in diverse skillsets, and work with rigor, speed, and a data-driven mindset.
  • Think BIG! - Pursue ambitious goals with focused execution and bring in external perspectives to shape future solutions.
  • Embrace Change - Navigate ambiguity, anticipate the future, and turn complexity into opportunity.
  • Bring an Open Mind - Cultivate curiosity, listen actively to diverse voices, and challenge assumptions to unlock innovation.
  • These responsibilities summarize the role’s primary responsibilities and are not an exhaustive list. They may change at the company’s discretion.

Required Qualifications

  • 12+ years in Information Security, with significant leadership experience in Biotech, Pharma, MedTech, or Healthcare. We may also consider individuals with experience in innovative manufacturing backgrounds (like Tesla).
  • Cloud Expertise: Deep operational experience with AWS (Amazon Web Services) security stacks and serverless/containerized architectures.
  • Regulatory Knowledge: Strong familiarity with HIPAA, GDPR, FDA Cybersecurity Guidance for Medical Devices, and GxP (Good Practice) requirements.
  • Hybrid Environments: Experience securing mixed environments containing both modern cloud tech and on-premise hardware/IoT (Lab equipment, manufacturing, or OT).
  • SIEM/SOAR: Experience architecting detection logic in modern platforms (e.g., Splunk, Sumo Logic, Datadog Security, or AWS Lake Formation).
  • Frameworks: Deep understanding of MITRE ATT&CK (specifically for Cloud and ICS/Medical) and NIST CSF.
  • DevSecOps: Ability to integrate security operations into CI/CD pipelines to monitor infrastructure-as-code (IaC).
  • Bachelor’s degree in Computer Science, Bioinformatics, or Cybersecurity, or equivalent.
  • Certifications: CISSP or CISM required. Specialized Certifications (Highly Preferred): AWS Certified Security – Specialty, HCISPP (Healthcare), or GICSP (Industrial Cyber Security).
  • Strong communication and stakeholder management skills—from technical leads to C-suite executives
  • Global perspective from working with international stakeholders or teams

Preferred Qualifications

  • Experience leading cyber innovation initiatives across government and commercial sectors
  • Skilled at building cross-functional alignment and translating technical risks into business implications
  • Strong interpersonal, coaching, and influence skills

What We Offer

  • A leadership platform with the ability to shape cybersecurity strategy at scale
  • Meaningful work in a company that values courage, impact, and inclusion
  • Competitive compensation, executive bonus structure, and global exposure
  • Access to mission-driven, life-changing innovation through GRAIL’s transformative work.

The expected full-time annual base pay scale for this position is $224-322k. Actual base pay will consider skills, experience, and location.

This role may be eligible for other forms of compensation, including an annual bonus and/or incentives, subject to the terms of the applicable plans and Company discretion. This range reflects a good-faith estimate of the range that the Company reasonably expects to pay for the position upon hire; the actual compensation offered may vary depending on factors such as the candidate’s qualifications. Employees in this role are also eligible for GRAIL’s comprehensive and competitive benefits package, offered in accordance with our applicable plans and policies. This package currently includes flexible time-off or vacation; a 401(k) retirement plan with employer match; medical, dental, and vision coverage; and carefully selected mindfulness programs.

GRAIL is an equal employment opportunity employer, and we are committed to building a workplace where every individual can thrive, contribute, and grow. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender, gender identity, sexual orientation, age, disability, status as a protected veteran, or any other class or characteristic protected by applicable federal, state, and local laws. Additionally, GRAIL will consider for employment qualified applicants with arrest and conviction records in a manner consistent with applicable law and provide reasonable accommodations to qualified individuals with disabilities. Please contact us at [email protected] if you require an accommodation to apply for an open position.

GRAIL maintains a drug-free workplace. We welcome job-seekers from all backgrounds to join us!

Top Skills

AWS
AWS Lake Formation
Datadog Security
EDR/XDR
IDS/IPS
SIEM
SOAR
Splunk
Sumo Logic


The Company
HQ: Menlo Park, CA
918 Employees
Year Founded: 2016

What We Do

GRAIL is a healthcare company whose mission is to detect cancer early, when it can be cured. GRAIL is using the power of high-intensity sequencing, population-scale clinical studies, and state-of-the-art computer science and data science to enhance the scientific understanding of cancer biology and to develop and commercialize pioneering products.

Why Work With Us

Everything we do is guided by our mission to detect cancer early, when it can be cured. It’s the reason we’re here, and it’s no small task. The right people make all the difference. That’s why we’re looking for those who strive to share their knowledge, contribute their skills, inspire each other, and commit to something bigger than themselves.

GRAIL Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

GRAIL has a variety of work types depending on the role. Some are onsite, like a lab role, others are hybrid, and still others are remote. Hybrid is typically Tuesday and Thursday, but leaders may be flexible depending on the role.

Typical time on-site: 2 days a week
Office locations: Menlo Park, CA (HQ); London, GB; Raleigh, NC; Washington, DC


Date Posted

04/05/2026
