Jobs · Information Technology · Massachusetts

Staff Application Security Engineer

Datadog · Boston, MA · 2 wk ago
HybridInformation Technology$244k–$305k/yrFull-time

What You’ll Do

  • Define and drive security standards and secure-by-default solutions, serving as the Application Security subject matter expert.
  • Build security tooling and automation that scales security practices across engineering teams, and implement robust security observability to support our threat detection team with meaningful, actionable security signals.
  • Lead threat modeling and risk assessment for high-risk features and platform changes.
  • Assess and address security risks introduced by agentic development practices and AI-powered product features in production.
  • Partner with engineering teams to prioritize and remediate critical threats, define API security standards, and conduct security code reviews.
  • Identify systemic security risks; lead complex, multi-team remediation efforts end-to-end.
  • Partner with Cloud & Infrastructure Security and other teams across the org on cross-domain problems; be the AppSec point of contact on complex cross-domain problems.
  • Serve as the AppSec subject matter expert across Datadog; be the person engineering leadership calls when they need clarity on a hard security problem.
  • Deeply invest in the growth of AppSec engineers on the team.

Who You Are

  • Software engineering background with hands-on code review experience; Go (preferred), Python, or Rust.
  • Demonstrated ability to level up the engineers around you: through design reviews, mentorship, and the quality of your documentation.
  • Solid grounding in OWASP Top 10, web vulnerabilities (XSS, injection, access control, cryptography), SAST, and DAST.
  • Working knowledge of API security: authentication flows, authorization patterns, and input validation at API boundaries.
  • Track record of leading threat modeling on complex, multi-team systems and translating outcomes into architectural decisions.
  • Experience implementing secure-by-default frameworks and integrating security into core platforms alongside product managers and engineering teams.
  • Able to translate business risk into security investment priorities and communicate tradeoffs clearly to executive audiences.
  • Familiarity with software supply chain security: dependency management, artifact integrity, and build pipeline trust.
  • Bias toward implementing solutions and driving adoption, not just surfacing findings.
  • Promised track record of winning buy-in from technical and non-technical stakeholders; able to communicate complex tradeoffs clearly to engineers, product managers, and leadership.
  • Current on security best practices, emerging threats, and the tooling landscape.

Similar jobs