Security Engineer - Platform Security
About our Platform (at Grafana Labs):
Grafana Cloud moves millions of metrics, log lines, and traces per second from our customers' environments into a highly available, low-latency stack that processes and stores these data, and serves them to dashboards and alerting tools. We aim to grow this to hundreds of millions per second, and it's critical that as we grow, we improve our performance, increase our reliability, and, of course, do it efficiently and effectively.
The Internal Engineering Platform delivered by the Platform department provides application engineers with the tools, systems and Kubernetes clusters they need to build, deploy and run their workloads. Platform roles at Grafana Labs have an eye for engineers with a passion for performance and reliability, and who enjoy taking projects from conception to production. We organize ourselves into squads to allow focus on Cloud Infrastructure, Networking and Security; Engineering Productivity; Capacity Management; Client Administrative Tooling (CAT); and US Federal compliance.
Because we deploy production services, we have on-call rotations to ensure the health of the system. Everyone at Grafana Labs tries to incorporate our product lineup into their day-to-day work, so being on call is an important way to understand our system and how people use our products.
About the squad & the role:
We’re hiring for our Platform Security squad. This squad provides and owns automation and decision making around our underlying CSP and compute security features for Grafana Cloud. This includes cloud service provider IAM, Kubernetes access control, secret management, and workload security. We’re hands-on with writing and shipping code as we aim to simplify secure decision making for engineers by providing pre-configured, secure templates and embedding security best practices into our development tools. We also help the rest of our engineers contributing to Grafana Cloud make the best security decisions possible for all the products we build, through security reviews and advisory.
The values behind scaling cloud native security at Grafana Labs
Who Are We Looking For?
- You enjoy working with engineers, as well as with the management structures that are there to support you and enable you and your team to do your very best.
- You are comfortable working in a remote-first company; communication is key. For us, working together means being collaborative, friendly, kind, and respectful. We operate by consensus: you can contribute to a discussion but then commit to the team decision.
- Being such a highly distributed company, we would love someone who is keen on working with distributed systems, too.
- You are eager to learn and grow. There is a lot of room for growth and development, and the team has quite a lot of knowledge to share for those who want to learn.
- You approach development holistically. The team owns the full life cycle of our code; from writing design docs, to looking at developer feedback, and integration testing. We appreciate engineers who enjoy looking at the big picture, and also notice the details of the brush strokes. The Platform team mainly works with Go, Python, and Shell.
- You have experience with operating your code. Since a lot of operators and developers use our software, having some grounding in both of these spaces really helps us with building better platforms for our users. Kubernetes and Docker are what we use, mostly. We also work with a lot of Infrastructure as Code, so be sure to check out grafana/tanka.
Some skills/experience we like to see:
- Familiarity with CSP IAM.
- Experience with cloud security posture management (CSPM).
- Infrastructure as Code with Terraform/Crossplane.
- Familiarity with Kubernetes administration; very cool if you have experience with Tanka.
- Experience in threat modeling, secure architecture reviews, and security tabletop exercises.
A few of our upcoming projects:
- Streamlining Just In Time Access through IAM and RBAC change process and automation.
- Automated assessment of running infrastructure and services, detection of misconfiguration and drift.
- Improving Cluster and Node level Security Posture and Observability.
- Refining CI/CD Platform Security Posture.
In Germany, the base compensation range for this role is €91,464 - €114,330. Actual compensation may vary based on level, experience, and skillset as assessed in the interview process. Benefits include equity, bonus (if applicable) and other benefits listed here.