Lead Security Engineer - Threat Response Support

About Datadog:

We're on a mission to build the best platform in the world for engineers to understand and scale their systems, applications, and teams.  We operate at high scale—trillions of data points per day—providing always-on alerting, metrics visualization, logs, and application tracing for tens of thousands of companies. Our engineering culture values pragmatism, honesty, and simplicity to solve hard problems the right way.

The team:

The Security Threat Response Support (STRS) team is responsible for developing and managing Datadog’s security threat response program via processes, procedures, tooling and automation that support efficient investigations at scale.

The opportunity:

As the Security Threat Responder team lead, you will focus on building out Datadog’s Incident Response program, drive innovation within Datadog’s security event investigation program by working towards improving investigation policies and procedures, maintaining playbooks and documentation, and building out tooling and automations. You will collaborate with our Security and Engineering teams to identify gaps and improve our alerting and detection capabilities, respectively.

You will:

• Lead the organization in maturing security event investigation and digital forensics processes
• Manage existing capabilities in collecting, analyzing, escalating, and responding to security events
• Provide expert in-depth knowledge in collecting, analyzing, and escalating security events; responding to computer security incidents, and/or collecting, analyzing, and disseminating cyber threat intelligence
• Develop operational security event investigation playbooks for each use case. The playbooks will document the operational processes to identify, analyze, escalate, and remediate specific security events
• Review and revise Incident Response Plan to reflect enhancements
• Develop tooling and automation to aid in scaling Datadog’s security event investigations and eliminate redundant event types

Requirements:

• You have experience building out security incident response program(s)
• You have experience running security investigations
• You are an excellent communicator with an ability to remain calm, and calm others under pressure
• You have strong documentation and technical writing proficiency to include establishing timelines and patterns of activity based on various data sources
• You’re have expert-level knowledge of common attack vectors and penetration techniques
• You’re proficient in macOS, Windows and/or Linux disk and memory forensics data gathering & analysis
• You’re familiar with the AWS, GCP, Azure, and/or Kubernetes
• You’re proficient in AWS, GCP and/or Azure digital forensics capabilities, processes and procedures
• You have experience creating user-oriented security tools and platforms
• You have significant experience in one or more programming languages
• You value code simplicity and performance
• You can design architecture to solve problems at high scale

Bonus points:

• You have a BS/MS/PhD in a scientific field or equivalent experience
• You have a strong background in statistics
• You have significant experience with Go, C, or Python

Equal Opportunity at Datadog:

Datadog is an Affirmative Action and Equal Opportunity Employer and is proud to offer equal employment opportunity to everyone regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, and more. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

Your Privacy:

For more information on how we maintain the privacy of the information you submit as part of your application, please refer to our Applicant and Candidate Privacy Notice.