Grafana Labs – Senior Application Security Engineer (Remote, EMEA or Americas, EST) – USA

Remote, USA Full-time
Job title: Senior Application Security Engineer (Remote, EMEA or Americas, EST)
Company: Grafana Labs

Job description:

Security at Grafana

You will be partnering and collaborating with service and code owners to help them find, prioritise and fix security issues in our products, from new feature design to discovered issues in production. More strategically, you will also help shape structural processes such as design guides, guardrails, our outsourced bug bounty and vulnerability management strategy and enablement.

DevOps can be a hostile act. How can we ask engineers and service owners to make complex, domain-specific decisions without the enablement and expertise that helps them understand and prioritise their risks? We're passionate about knowledge sharing and creating expertise where it's needed. We help support and make real the autonomy that is at the heart of Grafana's culture by building lightweight and meaningful guardrails and surfacing actionable data to risk owners. We help make people feel safe when making important decisions. We serve the user where they live.

Want to have space to get across the codebase of the leading observability and data visualizations platform and drive amazing security decisions through expert guidance, abstraction and evangelism? We care deeply about autonomy and need to support this with enablement, expertise and consensus. We want to empower our engineers with knowledge, coding guidelines and best practices that help them understand, agree with, adopt and meet the definition of 'good enough.' We also intend to open source the majority of our good work wherever relevant.

For all that, we believe absolutely in agreeing reasonable expectations and timeframes and giving people the room to do great work, in a setting that prioritises health, happiness and work-life balance.

Responsibilities:
• Managing the outsourced bug bounty program and Grafana Labs-side process
• Helping build a first-class decentralised threat modelling discipline
• Identifying structural, procedural and architectural security weaknesses in our services and research, deliver and enable best-practice solutions
• Collaborating with peers and teams delivering key security services in our products
• Work with R&D stakeholders to agree, document and enable minimum security standards
• Work with the Security Platform Engineers to support agreed best practice with guardrails, security abstractions tooling and enablement
• Promote a security-minded culture amongst engineers and engineering leadership, helping ensure that security remains a first-class citizen
• Assist with security incident management as needed and feed back into our security priorities
• Help shape our security strategy, both internally and for our open source and commercial products

An ideal candidate might possess:
• Deep expertise across modern application security best practice and OWASP Top 10 (2021!)
• Experience managing an outsourced bug bounty
• Ideally you have an offensive security mindset or experience as a security researcher
• 5+ years of experience working in product security / application security, ideally in Cloud-native organisations
• Experience with AWS/GCP/Azure and containerised environments (Docker, k8s, terraform, etc) and ensuring that security architecture and engineering aligns to that model
• Experience with some of: Go, Node.js, Python
• If you have experience with data analysis and data science disciplines, great!
• We'd love you to have a passion for Grafana's stack, particularly Prometheus. Loki would also be an advantage.

What you will bring to the role:
• A continual bias to action and ongoing sense of curiosity
• A commitment to autonomy, both in yourself and supporting this in others
• An offensive security mindset and, ideally, proven experience
• A passion for knowledge sharing and education, bringing everyone else up to your level
• Fantastic and proven communication, collaboration and stakeholder management skills
• A desire to deliver elegant and efficient processes, documentation and tools, creating beautiful experiences
• A keen eye for both architectural thinking and detail; we have both broad and specific problems to solve
• A blend of commercial and open-source experience
• A passion for building beautiful user experiences and satisfying user needs
• An interest in Grafana's stack and a desire to contribute to our open source foundations. We love dogfooding and giving back.

Our hiring process:
• Video chat with one of our Talent Managers (30 mins)
• Video chat with the Hiring Managers (30 mins)
• Live Security Methodology Interview with 2 Engineers (60 mins)
• Security solutions take-home exercise focused interview (45 mins)

About Grafana Labs:
There are more than 950,000 active installations of Grafana around the globe, monitoring everything from beehives to climate change in the Alps. The instantly recognizable dashboards have been spotted everywhere from a NASA launch and Minecraft HQ to Wimbledon and the Tour de France. Grafana Labs also helps companies including Bloomberg, JPMorgan Chase, and eBay manage their observability strategies with full-stack offerings that can be run fully managed with Grafana Cloud, or self-managed with Grafana Enterprise Stack. The Grafana stack has grown to include four other open source projects, Grafana Loki (for logs), Grafana Tempo (for traces), Grafana Mimir (for metrics), and Grafana OnCall (for on-call management).

Benefits:
For more information about the perks and benefits of working at Grafana, please check out our .

A note about COVID-19:
All Grafanistas who wish to attend in-person events or travel for Grafana Labs must be fully vaccinated.

Equal Opportunity Employer:
At Grafana Labs we're building a company where a diverse mix of talented people want to come, stay, and do their best work. We know that our company runs on the hard work and the dedication of our passionate and creative employees. We will recruit, train, compensate and promote regardless of race, religion, colour, national origin, gender, disability, age, veteran status, and all the other fascinating characteristics that make us different and unique. We believe that equality and diversity builds a strong organisation and we're working hard to make sure that's the foundation of our organisation as we grow.

For information about how your personal data is used once you've applied to a job, check out our .

Location: USA