Staff Security Engineer

Grafana Labs

💵 $202k-$243k
📍 Remote - United States

Summary

Join Grafana Labs as a Staff Security Assurance Engineer and lead the GRC engineering team, ensuring compliance with industry certifications and security standards. You will develop and implement automated security programs, build observability systems, and integrate security controls into the software development lifecycle. This role requires strong programming skills, deep knowledge of cloud-native security, and experience with security frameworks like ISO 27001 and SOC 2. You will collaborate with cross-functional teams, respond to security issues, and mentor team members. Grafana Labs offers a remote-first work environment, competitive compensation, and a comprehensive benefits package.

Requirements

  • Solid experience with at least one programming language. We primarily use Go, TypeScript, and Python but most languages translate well. You will take a code screen
  • Deep knowledge of using and securing containerized, cloud-native applications, ideally with Kubernetes. Experience with multiple cloud providers is a strong plus
  • Proven expertise in automating security compliance processes using tools, scripts, and frameworks while enabling developer and employee workflows
  • Deep understanding of industry-recognized security frameworks, standards, and certifications, such as ISO 27001, SOC 2, PCI DSS, NIST, or GDPR
  • Strong interpersonal skills. Experience collaborating (and negotiating) with peers, stakeholders, auditors, and customers
  • Strong capability to manage multiple complex projects and deadlines simultaneously, ensuring timely delivery of security and compliance objectives
  • A degree in Computer Science, Information Security, or related field (or equivalent experience)

Responsibilities

  • Be a technical lead for our assurance team covering a range of areas, including certifications, application security, cloud security, and internal tooling development
  • Develop, implement, and maintain highly automated security assurance programs to ensure compliance with organizational and regulatory requirements (e.g., ISO 27001, SOC 2, GDPR, NIST, PCI-DSS)
  • Develop systems, automations, and methods of security observability to push the GRC engineering organization beyond just meeting certification requirements
  • Deploy security and compliance checks in an employee-enabling way (guardrails and paved roads) in their daily workflows and build pipelines
  • Define, optimize, and implement the engineering strategy in concert with the security leadership team, ICs and stakeholders across the business
  • Design cutting-edge security metrics to show the security value of what we do
  • Coach and mentor to ensure your team members are motivated, happy and engaged. Provide continuous feedback to ensure that they can add value while maintaining high standards
  • Collaborate with cross-functional teams to integrate security controls into the software development lifecycle and operational processes
  • Respond to customer security issues, security alerts, and potential incidents

Preferred Qualifications

  • Working knowledge of Grafana Labs OSS projects and products. Experience in using observability tooling to solve security problems
  • Experience working with OSS communities
  • Experience securing large-scale distributed systems running in public clouds

Benefits

  • Equity
  • Bonus (if applicable)
