Staff Application Security Engineer
Datadog · Boston, MA · 2 wk ago
HybridInformation Technology$244k–$305k/yrFull-time
What You’ll Do
- Define and drive security standards and secure-by-default solutions, serving as the Application Security subject matter expert.
- Build security tooling and automation that scales security practices across engineering teams, and implement robust security observability to support our threat detection team with meaningful, actionable security signals.
- Lead threat modeling and risk assessment for high-risk features and platform changes.
- Assess and address security risks introduced by agentic development practices and AI-powered product features in production.
- Partner with engineering teams to prioritize and remediate critical threats, define API security standards, and conduct security code reviews.
- Identify systemic security risks; lead complex, multi-team remediation efforts end-to-end.
- Partner with Cloud & Infrastructure Security and other teams across the org on cross-domain problems; be the AppSec point of contact on complex cross-domain problems.
- Serve as the AppSec subject matter expert across Datadog; be the person engineering leadership calls when they need clarity on a hard security problem.
- Deeply invest in the growth of AppSec engineers on the team.
Who You Are
- Software engineering background with hands-on code review experience; Go (preferred), Python, or Rust.
- Demonstrated ability to level up the engineers around you: through design reviews, mentorship, and the quality of your documentation.
- Solid grounding in OWASP Top 10, web vulnerabilities (XSS, injection, access control, cryptography), SAST, and DAST.
- Working knowledge of API security: authentication flows, authorization patterns, and input validation at API boundaries.
- Track record of leading threat modeling on complex, multi-team systems and translating outcomes into architectural decisions.
- Experience implementing secure-by-default frameworks and integrating security into core platforms alongside product managers and engineering teams.
- Able to translate business risk into security investment priorities and communicate tradeoffs clearly to executive audiences.
- Familiarity with software supply chain security: dependency management, artifact integrity, and build pipeline trust.
- Bias toward implementing solutions and driving adoption, not just surfacing findings.
- Promised track record of winning buy-in from technical and non-technical stakeholders; able to communicate complex tradeoffs clearly to engineers, product managers, and leadership.
- Current on security best practices, emerging threats, and the tooling landscape.