Senior Security Engineer, Security Assurance (Remote, Canada EST)

  • Grafana Labs
  • Canada
  • 05 Jul, 2024

Job Description

This is a remote position and we are looking for candidates in Canada Eastern timezones.

About the team

The Security team advances Grafana’s overall security posture through critical initiatives and coordination of large security projects. We build technologies, tools, and processes to enable engineering squads to better develop secure software, protect customer and employee data, deploy systems with appropriate security controls, and securely operate a remote workforce. 

We are building a security system that’s automated at scale, rigorously data-driven, and built from the ground up with defense-in-depth and self-healing in mind. This system will support a highly autonomous, remote-first, cloud-native organization. We’re taking the best of open-source and commercial tooling and making them talk to each other to arrive at some very special outcomes.  We also want to open-source as much of our work as possible to security practitioners.

To support our growth and ambitious vision, we embrace agile principles and values, share openly, apply context-driven security mechanisms, default to action, and have an OSS-first mindset. We are a 100% remote company.

For all that, we believe absolutely in agreeing on high-velocity but reasonable expectations and timeframes and giving people the room to do great work in a setting that prioritizes health, happiness, and work-life balance.

Role

The Senior Security Assurance Engineer will collaborate with teams in engineering, security, cloud platforms, information technology, vendor management, and other stakeholders to articulate security policies, implement continuous monitoring, automate workflows, and configure alerts on policy failures.

Ideally, you would be familiar with operating in a cloud-native, remote organization. This is an opportunity to help implement a security strategy and build the underlying platforms and workflows.

You will get to work on expanding the capabilities of our asset intelligence and governance program, security posture monitoring, compliance automation, customer security observability automation, and supplier security monitoring. Think about all the layers to build observability for system uptime, but now extending that to other layers of security that impact confidentiality and integrity (encryption, access control, incident response, etc.).

While deep knowledge of security standards and frameworks is essential for this role, you should also have provable experience automating security posture management, automating repetitive processes, and maximizing the suite of Grafana products to build self-serve security posture observability. You will work alongside other security engineers, full-stack developers, and customer-facing teams.

This is an individual contributor role reporting to the Director of Security Assurance.

Responsibilities

A successful candidate in this role would be able to:

  • Work autonomously to develop, build, and roll out information, cyber, open source, and cloud security governance frameworks.
  • Design, build, launch, and scale the asset intelligence & governance program on Grafana.
  • Establish a cadence for security program reviews, support existing accreditations, and identify strategic maturity opportunities for compliance.
  • Design and deliver monthly technology and security risk management workshops.
  • Build reasonable and self-serve partnerships with cross-functional stakeholders who are decision-makers and contributors to security initiatives.
  • Socialize and provide awareness of policies, standards, processes, and controls with relevant stakeholders.
  • Serve as the security SME to partner with engineering and operations teams on the business continuity and disaster readiness program.
  • Design, build, and manage Security GRC and Disaster Readiness reporting metrics and dashboards.

What you’ll bring to the role

This role would be a good fit for you if you:

  1. Are comfortable working in a remote-first company and understand the importance of adapting and contextualizing the security controls.
  2. Enjoy learning, growing, and supporting others to do the same. 
  3. Be very comfortable with at least one scripting language and a query language like SQL.
  4. Enjoy navigating cloud-native environments and building automated processes for security posture management, compliance engineering, and continuous controls monitoring (indicative platforms and tools include GCP, AWS, Azure, Kubernetes, cloudquery, Grafana, LogicGate, Secureframe, Jira, ServiceNow GRC, anecdotes.ai, Drata, Vanta).
  5. Have some experience working with Platform and Security to scope, operationalize, and scale Business Impact Assessments (BIAs), Business Continuity Management Systems (BCMS), and Disaster Readiness Strategies for cloud-first companies.
  6. Know how to define a project plan, milestones, and key performance indicators to determine the effectiveness of your work delivery.
  7. Enjoy working on complex solutions – Grafana is a highly technical solution with avid followers who rely on it everyday and care deeply about their workflows.
  8. Enjoy working autonomously. While we defer to collaboration and teamwork, you should enjoy taking a problem and autonomously designing the solution, engaging the right stakeholders, and demonstrating the “own it” mindset to run through implementation.
  9. Have an interest in Grafana’s stack and a desire to contribute to our open-source foundations - We love dogfooding and giving back!
  10. Are able to communicate clearly in written and spoken English.
  11. Can create impact in a pragmatic, structured, simple and quick way.

Education

  • BS/MS degree in engineering, computer science, or information security, or equivalent experience.
  • CISSP, CISA, CISM, and cloud security solutions are a plus.

In Canada, the Base compensation range for this role is CAD 165,882 - CAD 199,058.  Actual compensation may vary based on level, experience, and skillset as assessed in the interview process. Benefits include equity, bonus (if applicable) and other benefits listed here.

*Compensation ranges are country-specific. If you are applying for this role from a different location than listed above, your recruiter will discuss your specific market’s defined pay range & benefits at the beginning of the process.

 
About Grafana Labs: There are more than 20M users of Grafana, the open source visualization tool, around the globe, monitoring everything from beehives to climate change in the Alps. The instantly recognizable dashboards have been spotted everywhere from a NASA launch and Minecraft HQ to Wimbledon and the Tour de France. Grafana Labs also helps more than 3,000 companies -- including Bloomberg, JPMorgan Chase, and eBay -- manage their observability strategies with the Grafana LGTM Stack, which can be run fully managed with Grafana Cloud or self-managed with the Grafana Enterprise Stack, both featuring scalable metrics (Grafana Mimir), logs (Grafana Loki), and traces (Grafana Tempo).
 
Benefits: For more information about the perks and benefits of working at Grafana, please check out our careers page.
 
Equal Opportunity Employer: At Grafana Labs we’re building a company where a diverse mix of talented people want to come, stay, and do their best work. We know that our company runs on the hard work and the dedication of our passionate and creative employees. If you're excited about this role but your experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways.
 
We will recruit, train, compensate and promote regardless of race, religion, color, national origin, gender, disability, age, veteran status, and all the other fascinating characteristics that make us different and unique. We believe that equality and diversity builds a strong organization and we’re working hard to make sure that’s the foundation of our organization as we grow.
 
For information about how your personal data is used once you’ve applied to a job, check out our privacy policy