Senior Software Security Engineer, Detection Engineering | Spain | Remote

<div class="content-intro"><p>Grafana Labs is a remote-first, open-source powerhouse. There are more than 20M users of Grafana, the open source visualization tool, around the globe, monitoring everything from beehives to climate change in the Alps. The instantly recognizable dashboards have been spotted everywhere from a NASA launch and Minecraft HQ to Wimbledon and the Tour de France. Grafana Labs also helps more than 3,000 companies -- including Bloomberg, JPMorgan Chase, and eBay -- manage their observability strategies with the Grafana LGTM Stack, which can be run fully managed with <a href="https://grafana.com/products/cloud/">Grafana Cloud</a> or self-managed with the <a href="https://grafana.com/products/enterprise/">Grafana Enterprise Stack</a>, both featuring scalable metrics (<a href="https://grafana.com/oss/mimir/">Grafana Mimir</a>), logs (<a href="https://grafana.com/oss/loki/">Grafana Loki</a>), and traces (<a href="https://grafana.com/oss/tempo/">Grafana Tempo</a>).</p> <p>We’re scaling fast and staying true to what makes us different: an open-source legacy, a global collaborative culture, and a passion for meaningful work. Our team thrives in an innovation-driven environment where transparency, autonomy, and trust fuel everything we do.</p> <p>You may not meet every requirement, and that’s okay. If this role excites you, we’d love you to raise your hand for what could be a truly career-defining opportunity.</p></div><p><em>This is a remote position in Spain.</em></p> <p> </p> <p>As a Senior Software Security Engineer on the Detection Response Engineering team, you will work to build advanced security tools and processes around our advanced observability platform to catch and stop advanced threats to our platform, employees, and customers.</p> <p><strong>The Opportunity:</strong></p> <p>You will work across all areas of the stack, do cutting-edge development, detection research, and response automation, and contribute these learnings back to the wider security community. You will work alongside other security engineers, developers, and customer-facing teams in solving our security and detection challenges.</p> <p><strong>What You’ll Be Doing:</strong></p> <ul> <li>Collaboratively design, build, and maintain our internal detection systems based on Go, TypeScript, Python, and the Grafana observability stack that processes millions of security data points daily</li> <li>Research and develop sophisticated detection (as code) capabilities and rules to cover risks and threats across our product and corporate systems. Where applicable, contribute these detections back to the OSS community</li> <li>Work with product teams and other stakeholders to ensure we have effective telemetry of all existing and future products</li> <li>Lead the development of response tooling to streamline (and fully automate) our response activities. Write and maintain runbooks for handling what we can’t automate</li> <li>Following a SOCless model, guide cross-functional teams in integrating telemetry, detections, and response procedures into the team's operational processes</li> <li>Design security and operations metrics to track our success and demonstrate the security value of our work</li> <li>Lead the response to security alerts, potential incidents, and customer security issues. Participate in security incident on-call rotations</li> </ul> <p>We invest heavily in developer productivity. You can use modern AI coding assistants as part of your daily workflow (your choice of tools, within security guidelines), backed by a company-funded usage budget so you can iterate quickly without unnecessary friction.<br><br>We encourage pragmatic AI-assisted development: faster prototyping, test generation, refactors, documentation, and incident follow-ups—always paired with strong code review and quality standards.<br><br>You’ll also have access to frontier models (e.g., GPT-Codex 5/3, Claude Opus 4.6, Gemini 3 Pro)</p> <p><strong>What Makes You a Great ... (truncated, view full listing at source)