Senior Incident Response Manager (Menlo Park, CA) #4262

Our mission is to detect cancer early, when it can be cured. We are working to change the trajectory of cancer mortality and bring stakeholders together to adopt innovative, safe, and effective technologies that can transform cancer care.
We are a healthcare company, pioneering new technologies to advance early cancer detection. We have built a multi-disciplinary organization of scientists, engineers, and physicians and we are using the power of next-generation sequencing (NGS), population-scale clinical studies, and state-of-the-art computer science and data science to overcome one of medicine’s greatest challenges.
GRAIL is headquartered in Menlo Park, California, with locations in Washington, D.C., North Carolina, and the United Kingdom. It is supported by leading global investors and pharmaceutical, technology, and healthcare companies.
For more information, please visit grail.com.
We are seeking an experienced Senior Incident Response Manager to lead our Platform, security and incident response and recovery efforts, collaborating closely with Platform Engineering and Cybersecurity teams to ensure seamless incident detection, response, and resolution. The ideal candidate has deep expertise in incident handling, threat intelligence, automation, and cloud-native security within modern hybrid environments.
This is a hybrid role in our Menlo Park, CA location

Responsibilities

• Incident Response Leadership:
• Lead end-to-end incident response, from identification to containment, eradication, and recovery.
• Develop, maintain, and execute IR playbooks and runbooks aligned with NIST 800-61, CIS, and ISO 27001 standards.
• Oversee threat hunting activities to proactively identify vulnerabilities and threats.
• Security Monitoring & Detection:
• Manage SIEM platforms, intrusion detection systems, and anomaly detection tools for real-time analysis.
• Implement monitoring for hybrid environments (AWS, GCP, Azure, on-prem).
• Conduct regular threat analysis, vulnerability assessments, and risk evaluations.
• Collaboration with Platform Engineering Teams:
• Integrate security into CI/CD pipelines and DevSecOps processes.
• Work closely with DevOps and SRE to enhance infrastructure resilience, automation, and fault tolerance.
• Drive security improvements in container orchestration (Kubernetes, Docker) and infrastructure as code (Terraform, Ansible).
• Forensic Analysis & Reporting:
• Conduct forensic investigations on affected systems, collecting and preserving evidence.
• Produce executive-level incident reports and technical root-cause analyses.
• Present findings to senior leadership and stakeholders, highlighting risk mitigation strategies.
• Root Cause Analysis (RCA):
• Internal RCA: Lead comprehensive root cause analysis for all major incidents within internal systems and infrastructure, ensuring complete documentation and follow-up action items.
• Third-Party RCA: Collaborate with third-party vendors to perform joint RCAs, ensuring transparency, accountability, and timely resolution of incidents affecting shared infrastructure or services.
• Maintain RCA reports, track corrective actions, and enforce SLAs with third-party partners for incident resolution.
• Policy Development & Compliance:
• Design and enforce security policies and incident response procedures.
• Ensure alignment with compliance frameworks (NIST, HIPAA, CIS, SOC2, GDPR).
• Lead tabletop exercises and red team/blue team drills.
• Continuous Improvement & Automation:
• Identify opportunities for automation to improve incident detection and response time.
• Implement SOAR (Security Orchestration, Automation, and Response) platforms to optimize workflows.
• Stay current with evolving cybersecurity threats, technologies, and best practices.

Preferred Qualifications

• Education: 
• Bachelor’s degree in Cybersecurity, Information Technology, or related field (Master's preferred) or equivalent
• Experience:
• 7+ years of experience in Incident Response, Cybersecurity Operations, or DevSecOps.
• Strong background in DevOps, SRE, and cloud security best practices.
• Proven expertise in SIEM tools (Splunk, Sentinel, Elastic), EDR (CrowdStrike), and IDS/IPS systems.
• Familiarity with Terraform, Ansible, VMWare, Kubernetes, and Docker in high-availability environments.
• Experience with threat intelligence platforms and SOC operations.
• Demonstrated experience in conducting and managing Root Cause Analysis (RCA) both internally and with third-party vendors.
• Certifications (highly preferred):
• CISSP, CISM, GCIA, GCIH, OSCP, or equivalent.
• AWS Certified Security Specialist, GCP Professional Cloud Security Engineer, or Azure Security Engineer.
• Technical Skills:
• Advanced scripting (Python, Bash, PowerShell).
• Familiarity with Zero Trust architecture and network segmentation.
• Experience with vulnerability scanners (Qualys, Nessus, OpenVAS).
• Soft Skills:
• Exceptional analytical and problem-solving abilities.
• Strong leadership and team collaboration skills.
• Effective communication with technical and non-technical stakeholders.

Expected full time annual base pay scale for this position is $131K-$164K. Actual base pay will consider skills, experience and location.
Based on the role, colleagues may be eligible to participate in an annual bonus plan tied to company and individual performance, or an incentive plan. We also offer a long-term incentive plan to align company and colleague success over time.
In addition, GRAIL offers a progressive benefit package, including flexible time-off, a 401k with a company match, and alongside our medical, dental, vision plans, carefully selected mindfulness offerings.
GRAIL is an Equal Employment Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status. We will reasonably accommodate all individuals with disabilities so that they can participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. GRAIL maintains a drug-free workplace.