As a Security Engineer 2 on the Cyber Threat Intelligence team, you will help Datadog stay ahead of evolving threats by identifying, analyzing, and operationalizing intelligence on threat actors, campaigns, and emerging threats. Working within Security Engineering, you will partner closely with security teams to translate intelligence into actionable security improvements across the company. You will serve as a subject matter expert on how the cyber threat landscape intersects with Datadog and contribute to intelligence-led decision making during both steady-state operations and active security incidents. This role provides opportunities to influence detection, response, and security strategy through technical analysis, collaboration, and intelligence-driven initiatives.
At Datadog, we place value in our office culture - the relationships and collaboration it builds and the creativity it brings to the table. We operate as a hybrid workplace to ensure our Datadogs can create a work-life harmony that best fits them.
What You’ll Do:
- Develop and maintain tooling that automates the collection, processing, analysis, and dissemination of threat intelligence.
- Assess emerging vulnerabilities, threat activity, and security events to help stakeholders understand potential impact to Datadog.
- Conduct threat hunting and infrastructure analysis to identify adversary activity relevant to Datadog and improve defensive controls.
- Partner with security teams to operationalize intelligence into detections, investigations, and response workflows.
- Coordinate with information-sharing communities to gather, evaluate, and disseminate actionable intelligence.
- Produce technical briefings, threat reports, and intelligence products for security and engineering stakeholders.
Who You Are:
- Experienced in writing and presenting operational and technical intelligence for threat detection, response, and security stakeholders.
- Skilled in partnering with detection and response teams to support investigations, improve response playbooks, and prioritize detection opportunities based on adversary tactics, techniques, and procedures (TTPs).
- Familiar with information-sharing communities and able to apply sound judgment when handling and operationalizing TLP-designated intelligence.
- Experienced in identifying and responding to large-scale emerging threats, including supply chain compromises, industry-wide campaigns, and exploitation of newly disclosed vulnerabilities.
- Experienced in dynamic/static analysis of Linux and MacOS malware and in tracking cloud-native cybercrime and nation-state threat actors.
- Proficient in developing threat intelligence tooling and automation through software development and scripting.
Nice to Have:
- Experience presenting at security conferences and publishing threat research.
- Experience with malware rever