Software Engineer - Security Assurance

This is a remote position. We are looking for candidates in Eastern US time zones.

We are looking for a Software Engineer Security Assurance to join our GRC engineering team. We are building a security system that’s automated at scale rigorously data-driven and built from the ground up with defense-in-depth and self-healing in mind. We support a highly autonomous remote-first cloud-native organization. We are a technical team that can build any tool we need while knowing when to buy to improve velocity.

To support our growth and ambitious vision we embrace agile principles and values share openly apply context-driven security mechanisms default to action and have an OSS-first mindset. We are a 100% remote company. We believe in high-velocity but sustainable expectations and timeframes giving people the room to do great work.

The Opportunity:

You will work to build out our security observability compliance and control management systems and tools. You will develop services and tools to proactively defend our systems provide visibility to our security state and give engineers and stakeholders guardrails and paved roads to behave securely. You will collaborate across your team the security department and wider Grafana to write and deploy security policies across all of our SDLC applications and infrastructure.

This is a very technical hands-on keyboard software engineering so development experience is critical. You will ideally have some experience building implementing and improving the maturity of security programs in Cloud-based SaaS organizations. Knowledge of security standards and frameworks (ISO FedRAMP PCI-DSS etc) is useful but the disposition to quickly learn new things is more important than rote knowledge. You will work alongside other security engineers full-stack developers and customer-facing teams. Experience guiding and negotiating with peers stakeholders customers and auditors is a plus.

What You’ll Be Doing:

• Be a technical contributor on our assurance team covering a range of areas including certifications application build cloud and supply chain security and internal security tooling development

• Develop implement and maintain highly automated security assurance programs to ensure compliance with organizational and regulatory requirements (e.g. ISO 27001 SOC 2 GDPR NIST PCI-DSS TISAX whatever else our customers eventually throw at us)

• Develop systems automations and methods of security observability to push the GRC engineering organization beyond just meeting certification requirements

• Deploy security and compliance checks in an employee-enabling way (guardrails and paved roads) in their daily workflows and build pipelines

• Collaborate with cross-functional teams to integrate security controls into the software development lifecycle and operational processes.

• Respond to customer security issues security alerts and potential incidents

What Makes You a Great Fit:

• Experience developing in a production environment with at least one programming language. We primarily use Go TypeScript and Python but most languages translate well. You will take a code screen and be expected to discuss programming principles such as algorithms data structures and optimization

• Knowledge of using and securing containerized cloud-native applications ideally with Kubernetes. Experience with multiple cloud providers is a strong plus

• Experience in automating security and compliance processes using tools scripts and frameworks while enabling developer and employee workflows

• Strong interpersonal skills. Some experience collaborating (and negotiating) with peers stakeholders auditors and customers

• Understanding of industry-recognized security frameworks standards and certifications such as ISO 27001 SOC 2 PCI DSS NIST or GDPR and how to apply them without added operational burden. You can gain this by reading the standards documents and audit guidance

• A degree in Computer Science Information Security or related field (or equivalent experience)

Bonus Points For:

• Working knowledge of Grafana Labs OSS projects and products. Experience in using observability tooling to solve security problems.

• Experience working with OSS communities

• Experience securing large-scale distributed systems running in public clouds

In the US the base compensation range for this role is $123933 - $148719. Actual compensation may vary based on level experience and skillset as assessed throughout the interview process. All of our roles include Restricted Stock Units (RSUs) giving every team member ownership in Grafana Labs' success. We believe in shared outcomes—RSUs help us stay aligned and invested as we scale globally.