Senior Security Assurance Engineer, Security (Remote, Canada)

This is a remote position. We are looking for candidates in Canadian time zones.

There are more than 700,000 active installations of Grafana around the globe, monitoring everything from beehives to climate change in the Alps. The instantly recognizable dashboards have been spotted everywhere from a SpaceX launch and Minecraft HQ to Wimbledon and the Tour de France. Grafana Labs also helps companies including Bloomberg, JPMorgan Chase, and eBay manage their observability strategies with full-stack offerings that can be run fully managed with Grafana Cloud, or self-managed with Grafana Enterprise Stack. The Grafana stack has grown to include two other open-source projects, Grafana Loki (for logs) and Grafana Tempo (for traces).

About the team

The Security team advances Grafana’s overall security posture through critical initiatives and coordination of large security projects. We build technologies, tools, and processes to enable engineering squads to better develop secure software, protect customer data, deploy systems with appropriate security controls and securely operate a remote workforce.

We are building a security system that’s automated at scale, rigorously data-driven and built from the ground up with defence-in-depth and self-healing in mind. This system will support a highly autonomous, remote-first, cloud-native organisation. We’re taking the best of open-source and commercial tooling and making them talk to each other to arrive at some very special outcomes. We also want to open-source as much of our work as possible to security practitioners.

To support our growth and ambitious vision, we embrace agile principles and values, share openly, apply context-driven security mechanisms, default to action, and have an OSS-first mindset. We are a 100% remote company.

For all that, we believe absolutely in agreeing on high-velocity but reasonable expectations and timeframes and giving people the room to do great work in a setting that prioritises health, happiness and work-life balance.

Role

The Senior Security Assurance Engineer will collaborate with teams in engineering, security, information technology, vendor management and other stakeholders to articulate security policies, implement continuous monitoring, automate workflows and configure alerts on policy failures.

Ideally, you would be familiar with operating in a cloud-native, remote organisation. This is an opportunity to help implement a security strategy and build the underlying platforms and workflows. You will get to work on projects alongside teams responsible for asset intelligence and governance (not management), security posture monitoring, compliance automation, customer security workflow automation and supplier security monitoring.

Key responsibilities

A successful candidate in this role would be able to:

• Build tooling and automation for internal use that enable the Security team to operate at high speed and wide scale.


• Automate and monitor key performance indicators and metrics for the security team such as control health, assets in scope and drift from a configuration baseline.


• Collaborate with Security stakeholders on their automation roadmap, understand their operational processes and develop technical solutions to scale critical business operations.


• Define a project plan and own metrics and key performance indicators to determine the effectiveness of your work delivery.


• Identify and deploy dogfooding opportunities associated with deploying and using Grafana as an observability product. Think critically about how to display complex security telemetry and large datasets in an insightful way for a variety of audiences such as senior leadership, legal counsel and software engineers.


• Document the result of automation activities for training and scalable use.


• Produce high-quality automation code.

What you’ll bring to the role

This role would be a good fit for you if you:

• Are comfortable working in a remote-first company and understand the importance of adapting and contextualising communication.


• Enjoy learning, growing, and supporting others to do the same.


• Have some experience as a Software Engineer and feel comfortable working with Go, SQL, Python, React and/or Typescript. We are happy to consider candidates with other backgrounds and experience.


• Have a security mindset and, ideally, proven experience.


• Enjoy transforming ideas into working code – you can design a solution, get feedback, and write a prototype yourself or collaborate closely with other engineers, product managers.


• Have experience operating or supporting AWS/GCP/Azure and containerised environments (e.g., AWS ECS, Docker, k8s)


• Enjoy working on complex solutions – Grafana is a highly technical solution with avid followers who rely on it every day and care deeply about their workflows.


• Enjoy working as a team. For us, working together means being collaborative, friendly, kind, and respectful.


• Have an interest in Grafana’s stack and a desire to contribute to our open-source foundations - We love dogfooding and giving back!


• Are able to communicate clearly in written and spoken English.


• Can create impact in a pragmatic, structured and simple way.

Education

• BS/MS degree in engineering, computer science, or information security, or equivalent experience.


• CISSP, CISA, CISM, cloud security solutions or developer certifications are a plus.

Equal Opportunity Employer (standard, do not edit)
At Grafana Labs we’re building a company where a diverse mix of talented people want to come, stay, and do their best work. We know that our company runs on the hard work and the dedication of our passionate and creative employees.

We will recruit, train, compensate and promote regardless of race, religion, colour, national origin, gender, disability, age, veteran status, and all the other fascinating characteristics that make us different and unique. We believe that equality and diversity builds a strong organisation and we’re working hard to make sure that’s the foundation of our organisation as we grow.

In Canada, the Base (OTE for commission positions) compensation range for this role is CAD 165,000- $ 199,000. Actual compensation may vary based on level, experience, and skillset as assessed in the interview. Benefits include equity, bonus (if applicable) and other benefits listed here.

About Grafana Labs: There are more than 20M users of Grafana, the open source visualization tool, around the globe, monitoring everything from beehives to climate change in the Alps. The instantly recognizable dashboards have been spotted everywhere from a NASA launch and Minecraft HQ to Wimbledon and the Tour de France. Grafana Labs also helps more than 3,000 companies - including Bloomberg, JPMorgan Chase, and eBay - manage their observability strategies with the Grafana LGTM Stack, which can be run fully managed with Grafana Cloud or self-managed with the Grafana Enterprise Stack, both featuring scalable metrics (Grafana Mimir), logs (Grafana Loki), and traces (Grafana Tempo)



Benefits: For more information about the perks and benefits of working at Grafana, please check out our careers page

Equal Opportunity Employer: At Grafana Labs we’re building a company where a diverse mix of talented people want to come, stay, and do their best work. We know that our company runs on the hard work and the dedication of our passionate and creative employees. If you're excited about this role but your experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways



We will recruit, train, compensate and promote regardless of race, religion, color, national origin, gender, disability, age, veteran status, and all the other fascinating characteristics that make us different and unique. We believe that equality and diversity builds a strong organization and we’re working hard to make sure that’s the foundation of our organization as we grow



For information about how your personal data is used once you’ve applied to a job, check out our privacy policy.