Senior Incident Response Manager

Our mission is to detect cancer early, when it can be cured. We are working to change the trajectory of cancer mortality and bring stakeholders together to adopt innovative, safe, and effective technologies that can transform cancer care. We are a healthcare company, pioneering new technologies to advance early cancer detection. We have built a multi-disciplinary organization of scientists, engineers, and physicians and we are using the power of next-generation sequencing (NGS), population-scale clinical studies, and state-of-the-art computer science and data science to overcome one of medicine’s greatest challenges. GRAIL is headquartered in Menlo Park, California, with locations in Washington, D.C., North Carolina, and the United Kingdom. It is supported by leading global investors and pharmaceutical, technology, and healthcare companies. For more information, please visit grail.com.

Responsibilities

• Incident Response Leadership:
  • Lead end-to-end incident response, from identification to containment, eradication, and recovery.
  • Develop, maintain, and execute IR playbooks and runbooks aligned with NIST 800-61, CIS, and ISO 27001 standards.
  • Oversee threat hunting activities to proactively identify vulnerabilities and threats.
• Security Monitoring & Detection:
  • Manage SIEM platforms, intrusion detection systems, and anomaly detection tools for real-time analysis.
  • Implement monitoring for hybrid environments (AWS, GCP, Azure, on-prem).
  • Conduct regular threat analysis, vulnerability assessments, and risk evaluations.
• Collaboration with Platform Engineering Teams:
  • Integrate security into CI/CD pipelines and DevSecOps processes.
  • Work closely with DevOps and SRE to enhance infrastructure resilience, automation, and fault tolerance.
  • Drive security improvements in container orchestration (Kubernetes, Docker) and infrastructure as code (Terraform, Ansible).
• Forensic Analysis & Reporting:
  • Conduct forensic investigations on affected systems, collecting and preserving evidence.
  • Produce executive-level incident reports and technical root-cause analyses.
  • Present findings to senior leadership and stakeholders, highlighting risk mitigation strategies.
• Root Cause Analysis (RCA):
  • Internal RCA: Lead comprehensive root cause analysis for all major incidents within internal systems and infrastructure, ensuring complete documentation and follow-up action items.
  • Third-Party RCA: Collaborate with third-party vendors to perform joint RCAs, ensuring transparency, accountability, and timely resolution of incidents affecting shared infrastructure or services.
  • Maintain RCA reports, track corrective actions, and enforce SLAs with third-party partners for incident resolution.
• Policy Development & Compliance:
  • Design and enforce security policies and incident response procedures.
  • Ensure alignment with compliance frameworks (NIST, HIPAA, CIS, SOC2, GDPR).
  • Lead tabletop exercises and red team/blue team drills.
• Continuous Improvement & Automation:
  • Identify opportunities for automation to improve incident detection and response time.
  • Implement SOAR (Security Orchestration, Automation, and Response) platforms to optimize workflows.
  • Stay current with evolving cybersecurity threats, technologies, and best practices.

Preferred Qualifications

• Education: Bachelor’s degree in Cybersecurity, Information Technology, or related field (Master's preferred) or equivalent
• Experience: 7+ years of experience in Incident Response, Cybersecurity Operations, or DevSecOps. Strong background in DevOps, SRE, and cloud security best practices. Proven expertise in SIEM tools (Splunk, Sentinel, Elastic), EDR (CrowdStrike), and IDS/IPS systems. Familiarity with Terraform, Ansible, VMWare, Kubernetes, and Docker in high-availability environments. Experience with threat intelligence platforms and SOC operations. Demonstrated experience in conducting and managing Root Cause Analysis (RCA) both internally and with third-party vendors.
• Certifications (highly preferred): CISSP, CISM, GCIA, GCIH, OSCP, or equivalent. AWS Certified Security Specialist, GCP Professional Cloud Security Engineer, or Azure Security Engineer.
• Technical Skills: Advanced scripting (Python, Bash, PowerShell). Familiarity with Zero Trust architecture and network segmentation. Experience with vulnerability scanners (Qualys, Nessus, OpenVAS).
• Soft Skills: Exceptional analytical and problem-solving abilities. Strong leadership and team collaboration skills. Effective communication with technical and non-technical stakeholders.