Senior Information Security Analyst

About Datadog: 

We're on a mission to build the best platform in the world for engineers to understand and scale their systems, applications, and teams.  We operate at high scale—trillions of data points per day—providing always-on alerting, metrics visualization, logs, and application tracing for tens of thousands of companies. Our engineering culture values pragmatism, honesty, and simplicity to solve hard problems the right way.

 
The Team:

The Governance, Risk and Compliance (GRC) team works within the Information Security organization and across Datadog to implement, monitor, and continuously improve Datadog’s security, risk, and compliance programs.

The Opportunity:
As a Senior Security Analyst, you will lead security efforts to acquire and maintain industry certifications, design solutions that enable Datadog’s security goals, and collaborate directly with engineering teams to work quickly and securely.  You will be responsible for defining the implementation of technical compliance capabilities and lead efforts to provide transparency to customers, prospects and other stakeholders.

This role is focused on building and operating a global PCI-DSS compliance program.  You will provide technical recommendations on scoping the environment, guide the protection of regulated CHD, and lead the continuous improvement of Datadog’s PCI program.

This role will also be responsible to create and maintain solutions that uphold Datadog’s continuous compliance and synthesize a broad set of industry and federal regulations.

You will:

• Play a lead role in designing and maintaining a global PCI compliance program.
• Provide precise guidance and feedback on the implementation of technical architecture and engineering requirements.
• Lead and coordinate technical assessments to validate and enhance Datadog’s PCI program and architecture.
• Design solutions using modern technology that allow Datadog’s security and engineering teams to move quickly and adapt to an evolving threat landscape.
• Coordinate the implementation of technical security capabilities and engineering requirements.
• Create documentation to provide transparency to customers, prospects and other stakeholders.
• Create and maintain automated solutions to uphold Datadog’s continuous compliance with a broad set of industry and federal regulations.
• Drive compliance efforts to enable Datadog to enter increasingly regulated markets.

Requirements:

• You have a BS or at least 5 years of relevant industry experience.
• You have delivered or helped develop a stellar ROC, understand how to articulate controls, and how to design effective compensating controls where necessary.
• You have a deep understanding of how to achieve compliance objectives in a cloud native environment. 
• You have familiarity with AWS, GCP, or Azure.
• You have a proven track record working in security audit, compliance, information security operations, or security consulting.
• You value correctness and efficiency, and have an exceptional eye for detail.
• You have exposure to compliance and regulatory regimes (e.g. FedRAMP, GDPR, HIPAA, ISO 27001, PCI DSS).
• You want to work in a fast, high growth environment.

Bonus Points:

• You’ve managed a PCI program running on a microservice architecture.
• You hold a PCI Certification (QSA, ISA, PA-QSA).
• Relevant Industry Certification (CISSP, CISA, GIAC).Specialist Certification (ISO 27001 Lead Auditor/Implementer).
• Background in IT or Security Operations.
• You like to automate the boring stuff.
• Experience implementing a multi-cloud based security program.

Equal Opportunity at Datadog:

Datadog is an Affirmative Action and Equal Opportunity Employer and is proud to offer equal employment opportunity to everyone regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, and more. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

Your Privacy:

For more information on how we maintain the privacy of the information you submit as part of your application, please refer to our Applicant and Candidate Privacy Notice.