Senior (Application) Security Engineer

United Kingdom (Remote)

Grafana Labs

Grafana is the open source analytics & monitoring solution for every database.

This is a remote position. We are looking for candidates in EMEA (UK, Spain, Sweden or Germany) and Eastern US time zones.

There are more than 700,000 active installations of Grafana around the globe, monitoring everything from beehives to climate change in the Alps. The instantly recognizable dashboards have been spotted everywhere from a SpaceX launch and Minecraft HQ to Wimbledon and the Tour de France. Grafana Labs also helps companies including Bloomberg, JPMorgan Chase, and eBay manage their observability strategies with full-stack offerings that can be run fully managed with Grafana Cloud, or self-managed with Grafana Enterprise Stack. The Grafana stack has grown to include two other open-source projects, Grafana Loki (for logs) and Grafana Tempo (for traces).

Grafana and the LGTM stack continue to be highly successful open-source projects and on-premise products, with over a million instances of our application running in the wild. Grafana is also the main frontend for Grafana Cloud where users can visualize their telemetry data as well as use our opinionated solutions for easier troubleshooting of both their infrastructure and their applications. 

Role

The Security team advances Grafana’s overall security posture by building technologies, tools, and processes to enable engineering squads to better develop secure software, protect customer data, deploy systems with appropriate security controls and securely operate a remote workforce.

The Senior Security Engineer will collaborate with teams in engineering, security, information technology and other stakeholders to embed secure coding principles throughout the whole SDLC. You will also work closely within the security engineering team to further improve internal tools used to enforce Grafana Labs' overall security posture.

Ideally, you would be familiar with operating in a cloud-native, remote organisation. This is an opportunity to help implement a security strategy and embed a security-first culture in the teams. You will get to work on implementing and automating security testing tools, and on managing security and design reviews as well as both black-box and white-box testing.

This is an individual contributor role reporting to the Senior Manager of Security Engineering.

Key responsibilities

A successful candidate in this role would be able to:

  • Design, build and maintain security products.
  • Develop integrations, tooling and automation for internal use that enable the Security Engineering team to operate at high speed and wide scale.
  • Review and propose improvements to solutions as part of design and code review processes.
  • Automate and monitor key performance indicators and metrics for application security health.
  • Coordinate threat modeling activities.
  • Support Grafana Labs’ Bug Bounty programs.
  • Define a project plan and own metrics and key performance indicators to determine the effectiveness of your work delivery.
  • Create effective frameworks for internal and external security assessments.
  • Analyse and implement well-known frameworks for secure SDLC.

What you’ll bring to the role

This role would be a good fit for you if you:

  • Are comfortable working in a remote-first company and understand the importance of adapting and contextualising communication.
  • Enjoy learning, growing, and supporting others to do the same.
  • Have experience as an Application Security Engineer and feel comfortable working with Go, SQL, Python, React and/or Typescript. We are happy to consider candidates with other backgrounds and experience.
  • Enjoy transforming ideas into working code – you can design a solution, get feedback, and write a prototype yourself or collaborate closely with other engineers and product managers.
  • Have experience operating or supporting AWS/GCP/Azure and containerised environments (e.g., AWS ECS, Docker, k8s).
  • Enjoy working on complex solutions – Grafana is a highly technical solution with avid followers who rely on it every day and care deeply about their workflows.
  • Enjoy working as a team. For us, working together means being collaborative, friendly, kind, and respectful.
  • Have an interest in Grafana’s stack and a desire to contribute to our open-source foundations. We love dogfooding and giving back!
  • Are able to communicate clearly in written and spoken English.
  • Can create impact in a pragmatic, structured and simple way.

Education

BS/MS degree in engineering, computer science, or information security, or equivalent experience.

CISSP, OSCP, CKA/CKS or developer certifications are a plus.

In the United Kingdom, the base compensation range for this role is GBP 101,000 - GBP 121,000. Actual compensation may vary based on level, experience, and skillset as assessed in the interview process. Benefits include equity, bonus (if applicable) and other benefits listed here.

*Compensation ranges are country-specific. If you are applying for this role from a different location than listed above, your recruiter will discuss your specific market’s defined pay range & benefits at the beginning of the process.

About Grafana Labs: There are more than 20M users of Grafana, the open source visualization tool, around the globe, monitoring everything from beehives to climate change in the Alps. The instantly recognizable dashboards have been spotted everywhere from a NASA launch and Minecraft HQ to Wimbledon and the Tour de France. Grafana Labs also helps more than 3,000 companies, including Bloomberg, JPMorgan Chase, and eBay, manage their observability strategies with the Grafana LGTM Stack, which can be run fully managed with Grafana Cloud or self-managed with the Grafana Enterprise Stack, both featuring scalable metrics (Grafana Mimir), logs (Grafana Loki), and traces (Grafana Tempo).

Benefits: For more information about the perks and benefits of working at Grafana, please check out our careers page.

Equal Opportunity Employer: At Grafana Labs we’re building a company where a diverse mix of talented people want to come, stay, and do their best work. We know that our company runs on the hard work and the dedication of our passionate and creative employees. If you're excited about this role but your experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways.

We will recruit, train, compensate and promote regardless of race, religion, color, national origin, gender, disability, age, veteran status, and all the other fascinating characteristics that make us different and unique. We believe that equality and diversity build a strong organization and we’re working hard to make sure that’s the foundation of our organization as we grow.

For information about how your personal data is used once you’ve applied to a job, check out our privacy policy.

Tags: Application security Automation AWS Azure CISSP Cloud Computer Science Docker Full stack GCP Grafana Kubernetes Loki Monitoring Open Source OSCP Privacy Python SDLC Security assessment Security strategy SQL Strategy TypeScript White box

Perks/benefits: Career development Equity / stock options Health care Salary bonus Team events

Regions: Remote/Anywhere Europe
Country: United Kingdom
