Guardant Health, Inc. · Palo Alto, CA

Senior Security Engineer at Guardant Health, Inc. — Palo Alto, CA

Full-timePalo Alto, CA$130,300–$179,200/yearPosted 2026-07-15Apply on Workday

Full job description

Company Description

Company Description Guardant Health is a leading precision oncology company focused on helping conquer cancer globally through the use of its proprietary blood tests, vast data sets, and advanced analytics. The Guardant Health Oncology Platform leverages capabilities to drive commercial adoption, improve patient clinical outcomes, and lower healthcare costs across all stages of the cancer care continuum.

Job Description

The Senior Security Engineer, reporting to the Associate Director of Security Engineering, will be responsible for designing, implementing, operating, and continuously improving Guardant Health’s core security capabilities. This role is broad and hands-on, spanning Security Tooling, Logging and Monitoring, Threat Detection, Incident Response, Vulnerability Management, Cloud Security, Endpoint Security, Identity, and Security Automation.

You will serve as a technical leader within the Security Engineering function, partnering closely with Security Architecture, IT, Cloud Infrastructure teams. This role requires someone comfortable wearing many hats — from managing enterprise security platforms and improving response workflows, to modernizing logging and detection capabilities, supporting investigations, reducing vulnerability risk, and helping mature the company’s overall security posture.

The ideal candidate has strong technical breadth, operational judgment, and the ability to move between engineering, operations, and incident response work in a fast-paced environment. You will help ensure Guardant Health has the right tools, telemetry, processes, and controls in place to detect, prevent, respond to, and recover from security threats. Lastly, the right person will love the technology and be excited to find open source solutions.

Duties and Responsibilities

  • Design, implement, operate, and continuously improve enterprise security tools across Endpoint, Cloud, Identity, Network, SaaS, Vulnerability Management, Logging, and Response platforms.
  • Oversee and optimize Managed Detection and Response (MDR), as well as Security Orchestration, Automation, and Response (SOAR), capabilities and related integrations.
  • Serve as a technical owner for SIEM operations, including log source onboarding, data normalization, detection support, performance tuning, cost optimization, and regulatory logging requirements.
  • Develop, tune, and maintain high-value Threat Detection content, including SIEM rules, behavioral analytics, endpoint detections, cloud detections, and identity-based alerts.
  • Analyze security events, threat intelligence, and attacker tradecraft to improve detection coverage, validate alert effectiveness, and support incident response investigations.
  • Support and participate in Incident Response activities, including triage, investigation, containment, eradication, recovery, evidence collection, and post-incident reviews.
  • Support security investigations involving endpoint activity, cloud events, identity logs, network telemetry, SaaS activity, and other relevant data sources.
  • Provide expertise on EDR tooling including policy configuration, telemetry ingestion, detections, response actions, host containment, and integrations with other security systems.
  • Support Vulnerability Management activities, including scanner operations, asset coverage, vulnerability validation, risk prioritization, remediation tracking, exception handling, and reporting.
  • Manage threats from AWS and cloud-native environments, including monitoring and respond to CloudTrail, VPC Flow Logs, workload logs, IAM activity, container activity, and cloud security findings.
  • Build dashboards, metrics, and reports to measure Security Tool health, detection coverage, Vulnerability Management posture, Incident Response effectiveness, and overall security program maturity.
  • Develop and maintain documentation, operational runbooks, incident response playbooks, engineering standards, and tool administration procedures.
  • Evaluate AI-assisted security capabilities for detection, response, vulnerability management, and automation, while helping define how AI systems, agents, and usage are logged, monitored, and assessed for risk.
  • Provide technical leadership, mentorship, and guidance to junior engineers, analysts, and cross-functional partners.
  • Stay current on emerging threats, attacker tradecraft, vulnerability trends, Security Tooling, Cloud Security practices, and Security Engineering best practices.

Qualifications

  • 5+ years of experience in Security Engineering, Security Operations, Incident Response, Vulnerability Management, Detection Engineering, or a related security role.
  • Broad hands-on experience administering and improving enterprise security tools.
  • Experience supporting Incident Response in a SOC or enterprise security environment.
  • Strong experience with SIEM platforms, including log ingestion, alerting, detection content, dashboards, and operational support.
  • Experience with EDR platforms, including investigation, containment, policy management, and response workflows.
  • Experience with Vulnerability Management platforms and processes, including vulnerability scanning, prioritization, remediation tracking, and reporting.
  • Hands-on experience securing and monitoring AWS or other cloud environments.
  • Experience working with identity and access logs, preferably including Okta or similar identity platforms.
  • Strong understanding of endpoint, cloud, identity, network, SaaS, and infrastructure security telemetry.
  • Experience developing documentation, runbooks, playbooks, and repeatable operational procedures.
  • Experience modernizing SIEM, Logging, or Security Monitoring architectures.
  • Experience with detection engineering frameworks such as MITRE ATT&CK.
  • Experience building or managing SOAR workflows, response automation, or security orchestration.
  • Experience with cloud security posture management, cloud workload protection, container security, or infrastructure-as-code security tools.
  • Experience in healthcare, biotech, life sciences, or other regulated environments a plus.
  • Familiarity with compliance and regulatory requirements that influence Security Logging, Monitoring, Vulnerability Management, and Incident Response a plus.
  • Understanding of AI and machine-learning use cases in security, including detection, automation, monitoring, and governance considerations.
  • Strong written and verbal communication skills, with the ability to explain security risks and technical issues to both technical and non-technical stakeholders.

AI & Digital Fluency

  • Demonstrate curiosity, sound judgment, and the ability to critically evaluate and responsibly leverage AI-enabled tools in accordance with company policies, ethical standards, and regulatory requirements to improve the efficiency, effectiveness, and quality of work.

The annualized base salary ranges for the primary location and any additional locations are listed below. This range does not include benefits or, if applicable, bonus, commission, or equity. Each candidate’s compensation offer will be based on multiple factors including, but not limited to, geography, experience, education, job-related skills, job duties, and business need.

Primary Location: Palo Alto, CA
Primary Location Base Pay Range: $130,300 - $179,200
Other US Location(s) Base Pay Range: $110,755 - $152,320
If the role is performed in Colorado, the pay range for this job is: $117,270 - $161,280 Employee may be required to lift routine office supplies and use office equipment. Majority of the work is performed in a desk/office environment; however, there may be exposure to high noise levels, fumes, and biohazard material in the laboratory environment. Ability to sit for extended periods of time.