Jobs · Information Technology · New York

Staff Application Security Engineer

Datadog · New York, NY · 2 wk ago
HybridInformation TechnologyFull-time

About the role

The Staff Application Security Engineer at Datadog sets technical direction for application security at scale. They define frameworks, methodologies, and architectural patterns that engineering teams adopt and apply independently. They serve as the Application Security subject matter expert, building security tooling and automation that scales security practices across engineering teams.

Responsibilities

  • Define and drive security standards and secure-by-default solutions
  • Build security tooling and automation that scales security practices across engineering teams
  • Lead threat modeling and risk assessment for high-risk features and platform changes
  • Assess and address security risks introduced by agentic development practices and AI-powered product features in production
  • Partner with engineering teams to prioritize and remediate critical threats, define API security standards, and conduct security code reviews
  • Identify systemic security risks; lead complex, multi-team remediation efforts end-to-end
  • Partner with Cloud & Infrastructure Security and other teams across the org on cross-domain problems; be the AppSec point of contact on complex cross-domain problems
  • Serve as the AppSec subject matter expert across Datadog; be the person engineering leadership calls when they need clarity on a hard security problem
  • Deeply invest in the growth of AppSec engineers on the team

Qualifications

  • Software engineering background with hands-on code review experience; Go (preferred), Python, or Rust
  • Demonstrated ability to level up the engineers around you: through design reviews, mentorship, and the quality of your documentation
  • Solid grounding in OWASP Top 10, web vulnerabilities (XSS, injection, access control, cryptography), SAST, and DAST
  • Working knowledge of API security: authentication flows, authorization patterns, and input validation at API boundaries
  • Track record of leading threat modeling on complex, multi-team systems and translating outcomes into architectural decisions
  • Experience implementing secure-by-default frameworks and integrating security into core platforms alongside product managers and engineering teams
  • Able to translate business risk into security investment priorities and communicate tradeoffs clearly to executive audiences
  • Familiarity with software supply chain security: dependency management, artifact integrity, and build pipeline trust
  • Bias toward implementing solutions and driving adoption, not just surfacing findings
  • Proven track record of winning buy-in from technical and non-technical stakeholders; able to communicate complex tradeoffs clearly to engineers, product managers, and leadership
  • Current on security best practices, emerging threats, and the tooling landscape

Skills

  • Hands-on code review experience
  • Threat modeling and risk assessment
  • API security expertise
  • Secure-by-default framework implementation
  • Communication and stakeholder engagement
  • Software supply chain security knowledge
  • Ability to drive adoption and implement solutions

Benefits and Growth

Includes new hire stock equity (RSUs) and employee stock purchase plan (ESPP), continuous professional development, product training, and career pathing, an intradepartmental mentor and buddy program for in-house networking, an inclusive company culture, ability to join our Community Guilds (Datadog employee resource groups), access to Inclusion Talks, free, global mental health benefits for employees and dependents age 6+, competitive global benefits, and a discounted employee stock purchase plan.

Similar jobs