Summary
Join Grafana Labs as a Staff Security Assurance Engineer and lead the GRC engineering team, responsible for developing and implementing security strategies to ensure industry certifications. You will work with other teams to maintain the overall security posture, build automated security systems, and contribute to open-source projects. This role requires hands-on development experience, deep knowledge of cloud-native security, and expertise in automating security compliance processes. You will collaborate with cross-functional teams, respond to security issues, and mentor team members. Grafana Labs is a 100% remote company that prioritizes work-life balance and offers competitive compensation and benefits.
Requirements
- Solid experience with at least one programming language. We primarily use Go, TypeScript, and Python but most languages translate well. You will take a code screen
- Deep knowledge of using and securing containerized, cloud-native applications, ideally with Kubernetes. Experience with multiple cloud providers is a strong plus
- Proven expertise in automating security compliance processes using tools, scripts, and frameworks while enabling developer and employee workflows
- Deep understanding of industry-recognized security frameworks, standards, and certifications, such as ISO 27001, SOC 2, PCI DSS, NIST, or GDPR
- Strong interpersonal skills. Experience collaborating (and negotiating) with peers, stakeholders, auditors, and customers
- Strong capability to manage multiple complex projects and deadlines simultaneously, ensuring timely delivery of security and compliance objectives
- A degree in Computer Science, Information Security, or related field (or equivalent experience)
Responsibilities
- Be a technical lead for our assurance team covering a range of areas, including certifications, application security, cloud security, and internal tooling development
- Develop, implement, and maintain highly automated security assurance programs to ensure compliance with organizational and regulatory requirements (e.g., ISO 27001, SOC 2, GDPR, NIST, PCI-DSS)
- Develop systems, automations, and methods of security observability to push the GRC engineering organization beyond just meeting certification requirements
- Deploy security and compliance checks in employees' daily workflows and build pipelines in an employee-enabling way (guardrails and paved roads)
- Define, optimize, and implement the engineering strategy in concert with the security leadership team, ICs and stakeholders across the business
- Design cutting-edge security metrics to show the security value of what we do
- Coach and mentor your team members to ensure they are motivated, happy and engaged. Provide continuous feedback to ensure that they can add value while maintaining high standards
- Collaborate with cross-functional teams to integrate security controls into the software development lifecycle and operational processes
- Respond to customer security issues, security alerts, and potential incidents
Preferred Qualifications
- Working knowledge of Grafana Labs OSS projects and products. Experience in using observability tooling to solve security problems
- Experience working with OSS communities
- Experience securing large-scale distributed systems running in public clouds
Benefits
- Equity
- Bonus (if applicable)