Software Engineer, Security Assurance | Canada | Remote

Grafana Labs is a remote-first, open-source powerhouse. There are more than 20M users of Grafana, the open source visualization tool, around the globe, monitoring everything from beehives to climate change in the Alps. The instantly recognizable dashboards have been spotted everywhere from a NASA launch and Minecraft HQ to Wimbledon and the Tour de France. Grafana Labs also helps more than 3,000 companies -- including Bloomberg, JPMorgan Chase, and eBay -- manage their observability strategies with the Grafana LGTM Stack, which can be run fully managed with Grafana Cloud or self-managed with the Grafana Enterprise Stack, both featuring scalable metrics (Grafana Mimir), logs (Grafana Loki), and traces (Grafana Tempo).

We’re scaling fast and staying true to what makes us different: an open-source legacy, a global collaborative culture, and a passion for meaningful work. Our team thrives in an innovation-driven environment where transparency, autonomy, and trust fuel everything we do.

You may not meet every requirement, and that’s okay. If this role excites you, we’d love you to raise your hand for what could be a truly career-defining opportunity.

This is a remote position. We are looking for candidates in Eastern Canada time zones.

We are looking for a Software Engineer, Security Assurance to join our GRC engineering team. We are building a security system that’s automated at scale, rigorously data-driven, and built from the ground up with defense-in-depth and self-healing in mind. We support a highly autonomous, remote-first, cloud-native organization. We are a technical team that can build any tool we need, while knowing when to buy to improve velocity.

To support our growth and ambitious vision, we embrace agile principles and values, share openly, apply context-driven security mechanisms, default to action, and have an OSS-first mindset. We are a 100% remote company. We believe in high-velocity but sustainable expectations and timeframes, giving people the room to do great work.

The Opportunity:

You will work to build out our security observability, compliance, and control management systems and tools. You will develop services and tools to proactively defend our systems, provide visibility to our security state, and give engineers and stakeholders guardrails and paved roads to behave securely. You will collaborate across your team, the security department, and wider Grafana to write and deploy security policies across all of our SDLC, applications, and infrastructure.

This is a very technical, hands-on keyboard software engineering, so development experience is critical. You will ideally have some experience building, implementing and improving the maturity of security programs in Cloud-based SaaS organizations. Knowledge of security standards and frameworks (ISO, FedRAMP, PCI-DSS, etc) is useful, but the disposition to quickly learn new things is more important than rote knowledge. You will work alongside other security engineers, full-stack developers, and customer-facing teams. Experience guiding and negotiating with peers, stakeholders, customers, and auditors is a plus. 

What You’ll Be Doing:

- Be a technical contributor on our assurance team covering a range of areas, including certifications, application, build, cloud, and supply chain security, and internal security tooling development
- Develop, implement, and maintain highly automated security assurance programs to ensure compliance with organizational and regulatory requirements (e.g., ISO 27001, SOC 2, GDPR, NIST, PCI-DSS, TISAX, whatever else our customers eventually throw at us)
- Develop systems, automations, and methods of security observability to push the GRC engineering organization beyond just meeting certification requirements
- Deploy security and compliance checks in an employee-enabling way (guardrails and paved roads) in their daily workflows and build pipelines
- Collaborate with cross-functional teams to integrate security controls into the software development lifecycle and operational processes.
- Respond to customer security issues, security alerts, and potential incidents

What Makes You a Great Fit:

- Experience developing in a production environment with at least one programming language. We primarily use Go, TypeScript, and Python but most languages translate well. You will take a code screen and be expected to discuss programming principles such as algorithms, data structures, and optimization
- Knowledge of using and securing containerized, cloud-native applications, ideally with Kubernetes. Experience with multiple cloud providers is a strong plus
- Experience in automating security and compliance processes using tools, scripts, and frameworks while enabling developer and employee workflows
- Strong interpersonal skills. Some experience collaborating (and negotiating) with peers, stakeholders, auditors, and customers
- Understanding of industry-recognized security frameworks, standards, and certifications, such as ISO 27001, SOC 2, PCI DSS, NIST, or GDPR, and how to apply them without added operational burden. You can gain this by reading the standards documents and audit guidance
- A degree in Computer Science, Information Security, or related field (or equivalent experience)

Bonus Points For:

- Working knowledge of Grafana Labs OSS projects and products. Experience in using observability tooling to solve security problems. 
- Experience working with OSS communities
- Experience securing large-scale distributed systems running in public clouds

In Canada, the base compensation range for this role is $120,927 CAD - $145,113 CAD. Actual compensation may vary based on level, experience, and skillset as assessed throughout the interview process. All of our roles include Restricted Stock Units (RSUs), giving every team member ownership in Grafana Labs' success. We believe in shared outcomes—RSUs help us stay aligned and invested as we scale globally.

\*Compensation ranges are country specific. If you are applying for this role from a different location than listed above, your recruiter will discuss your specific market’s defined pay range & benefits at the beginning of the process.

Why You’ll Thrive at Grafana Labs:

- 100% Remote, Global Culture - As a remote-only company, we bring together talent from around the world, united by a culture of collaboration and shared purpose.
- Scaling Organization – Tackle meaningful work in a high-growth, ever-evolving environment.
- Transparent Communication – Expect open decision-making and regular company-wide updates.
- Innovation-Driven – Autonomy and support to ship great work and try new things.
- Open Source Roots – Built on community-driven values that shape how we work.
- Empowered Teams – High trust, low ego culture that values outcomes over optics.
- Career Growth Pathways – Defined opportunities to grow and develop your career.
- Approachable Leadership – Transparent execs who are involved, visible, and human.
- Passionate People – Join a team of smart, supportive folks who care deeply about what they do.
- In-Person onboarding - We want you to thrive from day 1 with your fellow new ‘Grafanistas’ to learn all about what we do and how we do it. 
- Balance is Key - We operate a global annual leave policy of 30 days per annum. 3 days of your annual leave entitlement are reserved for Grafana Shutdown Days to allow the team to really disconnect. \*We will comply with local legislation where applicable.

Equal Opportunity Employer: We will recruit, train, compensate and promote regardless of race, religion, color, national origin, gender, disability, age, veteran status, and all the other fascinating characteristics that make us different and unique. We believe that equality and diversity builds a strong organization and we’re working hard to make sure that’s the foundation of our organization as we grow.

Grafana Labs may utilize AI tools in its recruitment process to assist in matching information provided in CVs to job postings. The recruitment team will continue to review inbound CVs manually to identify alignment with current openings.

#LI-Remote

For information about how your personal data is used once you’ve applied to a job, check out our privacy policy.