Staff Application Security Engineer

About The Position

Requirements

• Software engineering background with hands-on code review experience; Go (preferred), Python, or Rust
• Demonstrated ability to level up the engineers around you: through design reviews, mentorship, and the quality of your documentation
• Solid grounding in OWASP Top 10, web vulnerabilities (XSS, injection, access control, cryptography), SAST, and DAST
• Working knowledge of API security: authentication flows, authorization patterns, and input validation at API boundaries
• Track record of leading threat modeling on complex, multi-team systems and translating outcomes into architectural decisions
• Experience implementing secure-by-default frameworks and integrating security into core platforms alongside product managers and engineering teams
• Able to translate business risk into security investment priorities and communicate tradeoffs clearly to executive audiences
• Familiarity with software supply chain security: dependency management, artifact integrity, and build pipeline trust
• Bias toward implementing solutions and driving adoption, not just surfacing findings
• Proven track record of winning buy-in from technical and non-technical stakeholders; able to communicate complex tradeoffs clearly to engineers, product managers, and leadership
• Current on security best practices, emerging threats, and the tooling landscape

Responsibilities

• Define and drive security standards and secure-by-default solutions, serving as the Application Security subject matter expert.
• Build security tooling and automation that scales security practices across engineering teams, and implement robust security observability to support our threat detection team with meaningful, actionable security signals.
• Lead threat modeling and risk assessment for high-risk features and platform changes.
• Assess and address security risks introduced by agentic development practices and AI-powered product features in production
• Partner with engineering teams to prioritize and remediate critical threats, define API security standards, and conduct security code reviews.
• Identify systemic security risks; lead complex, multi-team remediation efforts end-to-end
• Partner with Cloud & Infrastructure Security and other teams across the org on cross-domain problems; be the AppSec point of contact on complex cross-domain problems
• Serve as the AppSec subject matter expert across Datadog; be the person engineering leadership calls when they need clarity on a hard security problem
• Deeply invest in the growth of AppSec engineers on the team

Benefits

• New hire stock equity (RSUs) and employee stock purchase plan (ESPP)
• Continuous professional development, product training, and career pathing
• Intradepartmental mentor and buddy program for in-house networking
• An inclusive company culture, ability to join our Community Guilds (Datadog employee resource groups)
• Access to Inclusion Talks, our internal panel discussions
• Free, global mental health benefits for employees and dependents age 6+
• Competitive global benefits