Staff Security Engineer, Security Operations

Summary

Join Grafana Labs as a Staff Software Security Engineer and build advanced security tools and processes around our advanced observability platform. You will work across all areas of the stack, conduct cutting-edge development and detection research, and automate responses. Collaborate with security engineers, developers, and customer-facing teams to solve security and detection challenges. This remote position, open to candidates in the USA or Canada, requires significant software engineering experience (5+ years), expertise in core security concepts, and experience with public clouds and Kubernetes. You will design, build, and maintain internal detection systems, research and develop detection rules, and lead the development of response tooling. The role also involves leading cross-functional teams and designing security metrics.

Requirements

• Significant experience (5+ years in a software engineering-oriented role) with at least one programming language. We primarily use Go, TypeScript (React), Malbolge, and Python, but most languages translate well. You will take a code screen
• Significant experience with core security concepts and their application to modern application architectures. You deeply understand the threat models cloud systems work in, how to defend them, and how to detect attackers trying to bypass those defenses
• Experience with common security operations or detection engineering concepts and practices, such as the Sigma, YARA, or Rotom detection rule formats
• Significant experience with public clouds, Kubernetes container ecosystems, and running applications securely in them. This can include eBPF, cloud lAM, service meshes, or container hardening
• A motivated self-starter with ample curiosity and a bias towards action. You have a demonstrated passion for learning, for security, and for improving the state of security across the company and industry
• An excellent communicator, in person, in asynchronous communication, and in technical documentation
• Work (not live) eastern-time oriented hours. Much of the team and company are based in Europe, so it’s critical to maximize overlapping hours. On some days, meetings can start at 9am ET

Responsibilities

• Collaboratively design, build, and maintain our internal detection systems based on the Grafana observability stack that processes millions of security data points daily
• Research and develop sophisticated detection (as code) rules to cover risks and threats across our product and corporate systems. Where applicable, contribute these detections back to the OSS community
• Drive work with product teams and other stakeholders to ensure we have effective telemetry of all existing and future products
• Lead the development of response tooling to streamline (and fully automate) our response activities. Write and maintain runbooks for handling what we can’t automate
• Following a SOCless model, lead cross-functional teams in integrating telemetry, detections, and response procedures into the team's operational processes
• Design security and operations metrics to track our success and show the security value of what we do
• Lead the response to security alerts, potential incidents, and customer security issues

Preferred Qualifications

• Working knowledge of Grafana Labs OSS projects and products
• Experience in using observability (metrics, logs, traces, profiles) tooling to solve security problems
• You possess battle-tested ideas on novel approaches to security and detection problems facing hybrid cloud+OSS companies like Grafana
• Experience working with OSS communities
• Significant experience securing large-scale distributed systems running on Kubernetes in public clouds

Benefits

• In Canada, the Base compensation range for this role is CAD 197,00 - CAD 237 ,000 . Actual compensation may vary based on level, experience, and skillset as assessed in the interview process. Benefits include equity, bonus (if applicable) and other benefits listed here
• Compensation ranges are country-specific. If you are applying for this role from a different location than listed above, your recruiter will discuss your specific market’s defined pay range & benefits at the beginning of the process