Software Security Engineer
This is a remote position. We are looking for candidates in Eastern US time zones.
We are looking for a Security Assurance Engineer to join our GRC engineering team. We are building a security system that’s automated at scale, rigorously data-driven, and built from the ground up with defense-in-depth and self-healing in mind. We support a highly autonomous, remote-first, cloud-native organization. We are a technical team that can build any tool we need, while knowing when to buy to improve velocity.
To support our growth and ambitious vision, we embrace agile principles and values, share openly, apply context-driven security mechanisms, default to action, and have an OSS-first mindset. We are a 100% remote company. We believe in high-velocity but sustainable expectations and timeframes, giving people the room to do great work.
The Opportunity:
The Security Security Assurance Engineer will collaborate across their team, the security department, and wider Grafana to articulate security policies, implement continuous monitoring, automate workflows, and write and deploy policies across all of our SDLC, applications, and infrastructure. The ideal candidate will have experience building, implementing and improving the maturity of security programs in Cloud-based SaaS organizations.
This role is significantly hands-on keyboard development, so programming experience is critical and a knowledge of securing cloud-native, container-based architectures are highly valuable. Knowledge of security standards and frameworks (ISO, FedRAMP, PCI-DSS, etc) is useful, but the disposition to quickly learn new things is more important than rote knowledge. Experience negotiating with peers, stakeholders, customers, and auditors is a plus. You will work alongside other security engineers, full-stack developers, and customer-facing teams.
What You’ll Be Doing:
Be a technical contributor on our assurance team covering a range of areas, including certifications, application, build, cloud, and supply chain security, and internal security tooling development
Develop, implement, and maintain highly automated security assurance programs to ensure compliance with organizational and regulatory requirements (e.g., ISO 27001, SOC 2, GDPR, NIST, PCI-DSS, TISAX, whatever else our customers eventually throw at us)
Develop systems, automations, and methods of security observability to push the GRC engineering organization beyond just meeting certification requirements
Deploy security and compliance checks in an employee-enabling way (guardrails and paved roads) in their daily workflows and build pipelines
Collaborate with cross-functional teams to integrate security controls into the software development lifecycle and operational processes.
Respond to customer security issues, security alerts, and potential incidents
What Makes You a Great Fit:
Solid experience with at least one programming language. We primarily use Go, TypeScript, and Python but most languages translate well. You will take a code screen.
Knowledge of using and securing containerized, cloud-native applications, ideally with Kubernetes. Experience with multiple cloud providers is a strong plus.
Experience in automating security compliance processes using tools, scripts, and frameworks while enabling developer and employee workflows.
Strong interpersonal skills. Some experience collaborating (and negotiating) with peers, stakeholders, auditors, and customers.
Some understanding of industry-recognized security frameworks, standards, and certifications, such as ISO 27001, SOC 2, PCI DSS, NIST, or GDPR.
A degree in Computer Science, Information Security, or related field (or equivalent experience).
Bonus Points For:
Working knowledge of Grafana Labs OSS projects and products. Experience in using observability tooling to solve security problems.
Experience working with OSS communities
Experience securing large-scale distributed systems running in public clouds
In the US, the base compensation range for this role is $123,933 - $148,719. Actual compensation may vary based on level, experience, and skillset as assessed throughout the interview process. All of our roles include Restricted Stock Units (RSUs), giving every team member ownership in Grafana Labs' success. We believe in shared outcomes—RSUs help us stay aligned and invested as we scale globally.
About the job
Apply for this position
Software Security Engineer
This is a remote position. We are looking for candidates in Eastern US time zones.
We are looking for a Security Assurance Engineer to join our GRC engineering team. We are building a security system that’s automated at scale, rigorously data-driven, and built from the ground up with defense-in-depth and self-healing in mind. We support a highly autonomous, remote-first, cloud-native organization. We are a technical team that can build any tool we need, while knowing when to buy to improve velocity.
To support our growth and ambitious vision, we embrace agile principles and values, share openly, apply context-driven security mechanisms, default to action, and have an OSS-first mindset. We are a 100% remote company. We believe in high-velocity but sustainable expectations and timeframes, giving people the room to do great work.
The Opportunity:
The Security Security Assurance Engineer will collaborate across their team, the security department, and wider Grafana to articulate security policies, implement continuous monitoring, automate workflows, and write and deploy policies across all of our SDLC, applications, and infrastructure. The ideal candidate will have experience building, implementing and improving the maturity of security programs in Cloud-based SaaS organizations.
This role is significantly hands-on keyboard development, so programming experience is critical and a knowledge of securing cloud-native, container-based architectures are highly valuable. Knowledge of security standards and frameworks (ISO, FedRAMP, PCI-DSS, etc) is useful, but the disposition to quickly learn new things is more important than rote knowledge. Experience negotiating with peers, stakeholders, customers, and auditors is a plus. You will work alongside other security engineers, full-stack developers, and customer-facing teams.
What You’ll Be Doing:
Be a technical contributor on our assurance team covering a range of areas, including certifications, application, build, cloud, and supply chain security, and internal security tooling development
Develop, implement, and maintain highly automated security assurance programs to ensure compliance with organizational and regulatory requirements (e.g., ISO 27001, SOC 2, GDPR, NIST, PCI-DSS, TISAX, whatever else our customers eventually throw at us)
Develop systems, automations, and methods of security observability to push the GRC engineering organization beyond just meeting certification requirements
Deploy security and compliance checks in an employee-enabling way (guardrails and paved roads) in their daily workflows and build pipelines
Collaborate with cross-functional teams to integrate security controls into the software development lifecycle and operational processes.
Respond to customer security issues, security alerts, and potential incidents
What Makes You a Great Fit:
Solid experience with at least one programming language. We primarily use Go, TypeScript, and Python but most languages translate well. You will take a code screen.
Knowledge of using and securing containerized, cloud-native applications, ideally with Kubernetes. Experience with multiple cloud providers is a strong plus.
Experience in automating security compliance processes using tools, scripts, and frameworks while enabling developer and employee workflows.
Strong interpersonal skills. Some experience collaborating (and negotiating) with peers, stakeholders, auditors, and customers.
Some understanding of industry-recognized security frameworks, standards, and certifications, such as ISO 27001, SOC 2, PCI DSS, NIST, or GDPR.
A degree in Computer Science, Information Security, or related field (or equivalent experience).
Bonus Points For:
Working knowledge of Grafana Labs OSS projects and products. Experience in using observability tooling to solve security problems.
Experience working with OSS communities
Experience securing large-scale distributed systems running in public clouds
In the US, the base compensation range for this role is $123,933 - $148,719. Actual compensation may vary based on level, experience, and skillset as assessed throughout the interview process. All of our roles include Restricted Stock Units (RSUs), giving every team member ownership in Grafana Labs' success. We believe in shared outcomes—RSUs help us stay aligned and invested as we scale globally.