Software Security Engineer, Detection & Response Engineering

Summary

Join Grafana Labs as a remote Software Security Engineer and build advanced security tools and processes around our advanced observability platform. You will work across all areas of the stack, conduct cutting-edge development and detection research, and automate responses. Collaborate with security engineers, developers, and customer-facing teams to solve security and detection challenges. This role involves designing, building, and maintaining internal detection systems, researching and developing detection rules, working with product teams to ensure effective telemetry, and building response tooling. You will also integrate telemetry, detections, and response procedures into operational processes, design security metrics, and respond to security alerts and incidents. This position requires experience with at least one programming language (Go, TypeScript, or Python preferred), core security concepts, detection engineering, public clouds, and container ecosystems. A degree in Computer Science or equivalent experience is required. The position is open to candidates in the USA and Canada only.

Requirements

• Solid experience with at least one programming language
• We primarily use Go, TypeScript (React), and Python, but most languages translate well
• You will take a code screen
• Some experience with core security concepts and their application to modern application architectures
• Some experience with detection engineering concepts and practices, such as the Sigma detection rule format
• Some experience with public clouds, container ecosystems, and running applications securely in them
• A motivated self starter with ample curiosity and a bias towards action
• A clear communicator, in person, in asynchronous communication, and in technical documentation
• Knowledge of, and ability to code is required for this role demonstrated by a degree in Computer Science or equivalent experience

Responsibilities

• Collaboratively design, build, and maintain our internal detection systems based around the Grafana observability stack that process millions of security data points a day
• Research and develop sophisticated detection (as code) rules to cover risks and threats across our product and corporate systems
• Where applicable, contribute these detections back to the OSS community
• Work with product teams and other stakeholders to ensure we have effective telemetry of all existing and future products
• Build and maintain response tooling to streamline (and fully automate) our response activities
• Write and maintain runbooks for handling what we can’t automate
• Following a SOCless model, work with cross-functional teams to integrate telemetry, detections, and response procedures into the teams operational processes
• Design security and operations metrics to track our success and show the security value of what we do
• Respond to security alerts, potential incidents, and customer security issues

Preferred Qualifications

• Working knowledge of Grafana Labs OSS projects and products
• Experience in using observability (metrics, logs, traces, profiles) tooling to solve security problems
• Experience working with OSS communities
• Experience securing large-scale distributed systems running on Kubernetes in public clouds

Benefits

• Equity
• Bonus (if applicable)