Software Engineer - Security Assurance
This is a remote position. We are looking for candidates in Eastern US time zones.
We are looking for a Software Engineer, Security Assurance to join our GRC engineering team. We are building a security system that’s automated at scale, rigorously data-driven, and built from the ground up with defense-in-depth and self-healing in mind. We support a highly autonomous, remote-first, cloud-native organization. We are a technical team that can build any tool we need, while knowing when to buy to improve velocity.
To support our growth and ambitious vision, we embrace agile principles and values, share openly, apply context-driven security mechanisms, default to action, and have an OSS-first mindset. We are a 100% remote company. We believe in high-velocity but sustainable expectations and timeframes, giving people the room to do great work.
The Opportunity:
You will work to build out our security observability, compliance, and control management systems and tools. You will develop services and tools to proactively defend our systems, provide visibility to our security state, and give engineers and stakeholders guardrails and paved roads to behave securely. You will collaborate across your team, the security department, and wider Grafana to write and deploy security policies across all of our SDLC, applications, and infrastructure.
This is a very technical, hands-on keyboard software engineering, so development experience is critical. You will ideally have some experience building, implementing and improving the maturity of security programs in Cloud-based SaaS organizations. Knowledge of security standards and frameworks (ISO, FedRAMP, PCI-DSS, etc) is useful, but the disposition to quickly learn new things is more important than rote knowledge. You will work alongside other security engineers, full-stack developers, and customer-facing teams. Experience guiding and negotiating with peers, stakeholders, customers, and auditors is a plus.
What You’ll Be Doing:
Be a technical contributor on our assurance team covering a range of areas, including certifications, application, build, cloud, and supply chain security, and internal security tooling development
Develop, implement, and maintain highly automated security assurance programs to ensure compliance with organizational and regulatory requirements (e.g., ISO 27001, SOC 2, GDPR, NIST, PCI-DSS, TISAX, whatever else our customers eventually throw at us)
Develop systems, automations, and methods of security observability to push the GRC engineering organization beyond just meeting certification requirements
Deploy security and compliance checks in an employee-enabling way (guardrails and paved roads) in their daily workflows and build pipelines
Collaborate with cross-functional teams to integrate security controls into the software development lifecycle and operational processes.
Respond to customer security issues, security alerts, and potential incidents
What Makes You a Great Fit:
Experience developing in a production environment with at least one programming language. We primarily use Go, TypeScript, and Python but most languages translate well. You will take a code screen and be expected to discuss programming principles such as algorithms, data structures, and optimization
Knowledge of using and securing containerized, cloud-native applications, ideally with Kubernetes. Experience with multiple cloud providers is a strong plus
Experience in automating security and compliance processes using tools, scripts, and frameworks while enabling developer and employee workflows
Strong interpersonal skills. Some experience collaborating (and negotiating) with peers, stakeholders, auditors, and customers
Understanding of industry-recognized security frameworks, standards, and certifications, such as ISO 27001, SOC 2, PCI DSS, NIST, or GDPR, and how to apply them without added operational burden. You can gain this by reading the standards documents and audit guidance
A degree in Computer Science, Information Security, or related field (or equivalent experience)
Bonus Points For:
Working knowledge of Grafana Labs OSS projects and products. Experience in using observability tooling to solve security problems.
Experience working with OSS communities
Experience securing large-scale distributed systems running in public clouds
In the US, the base compensation range for this role is $123,933 - $148,719. Actual compensation may vary based on level, experience, and skillset as assessed throughout the interview process. All of our roles include Restricted Stock Units (RSUs), giving every team member ownership in Grafana Labs' success. We believe in shared outcomes—RSUs help us stay aligned and invested as we scale globally.
About the job
Apply for this position
Software Engineer - Security Assurance
This is a remote position. We are looking for candidates in Eastern US time zones.
We are looking for a Software Engineer, Security Assurance to join our GRC engineering team. We are building a security system that’s automated at scale, rigorously data-driven, and built from the ground up with defense-in-depth and self-healing in mind. We support a highly autonomous, remote-first, cloud-native organization. We are a technical team that can build any tool we need, while knowing when to buy to improve velocity.
To support our growth and ambitious vision, we embrace agile principles and values, share openly, apply context-driven security mechanisms, default to action, and have an OSS-first mindset. We are a 100% remote company. We believe in high-velocity but sustainable expectations and timeframes, giving people the room to do great work.
The Opportunity:
You will work to build out our security observability, compliance, and control management systems and tools. You will develop services and tools to proactively defend our systems, provide visibility to our security state, and give engineers and stakeholders guardrails and paved roads to behave securely. You will collaborate across your team, the security department, and wider Grafana to write and deploy security policies across all of our SDLC, applications, and infrastructure.
This is a very technical, hands-on keyboard software engineering, so development experience is critical. You will ideally have some experience building, implementing and improving the maturity of security programs in Cloud-based SaaS organizations. Knowledge of security standards and frameworks (ISO, FedRAMP, PCI-DSS, etc) is useful, but the disposition to quickly learn new things is more important than rote knowledge. You will work alongside other security engineers, full-stack developers, and customer-facing teams. Experience guiding and negotiating with peers, stakeholders, customers, and auditors is a plus.
What You’ll Be Doing:
Be a technical contributor on our assurance team covering a range of areas, including certifications, application, build, cloud, and supply chain security, and internal security tooling development
Develop, implement, and maintain highly automated security assurance programs to ensure compliance with organizational and regulatory requirements (e.g., ISO 27001, SOC 2, GDPR, NIST, PCI-DSS, TISAX, whatever else our customers eventually throw at us)
Develop systems, automations, and methods of security observability to push the GRC engineering organization beyond just meeting certification requirements
Deploy security and compliance checks in an employee-enabling way (guardrails and paved roads) in their daily workflows and build pipelines
Collaborate with cross-functional teams to integrate security controls into the software development lifecycle and operational processes.
Respond to customer security issues, security alerts, and potential incidents
What Makes You a Great Fit:
Experience developing in a production environment with at least one programming language. We primarily use Go, TypeScript, and Python but most languages translate well. You will take a code screen and be expected to discuss programming principles such as algorithms, data structures, and optimization
Knowledge of using and securing containerized, cloud-native applications, ideally with Kubernetes. Experience with multiple cloud providers is a strong plus
Experience in automating security and compliance processes using tools, scripts, and frameworks while enabling developer and employee workflows
Strong interpersonal skills. Some experience collaborating (and negotiating) with peers, stakeholders, auditors, and customers
Understanding of industry-recognized security frameworks, standards, and certifications, such as ISO 27001, SOC 2, PCI DSS, NIST, or GDPR, and how to apply them without added operational burden. You can gain this by reading the standards documents and audit guidance
A degree in Computer Science, Information Security, or related field (or equivalent experience)
Bonus Points For:
Working knowledge of Grafana Labs OSS projects and products. Experience in using observability tooling to solve security problems.
Experience working with OSS communities
Experience securing large-scale distributed systems running in public clouds
In the US, the base compensation range for this role is $123,933 - $148,719. Actual compensation may vary based on level, experience, and skillset as assessed throughout the interview process. All of our roles include Restricted Stock Units (RSUs), giving every team member ownership in Grafana Labs' success. We believe in shared outcomes—RSUs help us stay aligned and invested as we scale globally.