Detection Engineer, Product - Cloud SIEM

About Datadog:

We're on a mission to build the best platform in the world for engineers to understand and scale their systems, applications, and teams. We operate at high scale—trillions of data points per day—allowing for seamless collaboration and problem-solving among Dev, Ops and Security teams globally for tens of thousands of companies. Our culture values pragmatism, honesty, and simplicity to solve hard problems the right way.

The Team:

The Product Detection Engineering team at Datadog develops impactful threat detection content for Datadog’s portfolio of Cloud Security products. As part of the Security Research organization, you will join a diverse team of hackers and builders who launch impactful security products and research via cross-company collaboration, partnerships with the security community and open source initiatives

We are looking for a Detection Engineer to help drive the Cloud SIEM product, which performs real-time threat detection of attackers targeting Datadog customer’s Cloud and infrastructure environments. This is a position that is particularly suited for applicants who want to deep-dive on how threat actors are attacking emerging and existing cloud technologies. We also have hundreds of integrations and data sources, where you’ll be able to find new ways to protect customers while testing hypotheses, threat hunting and deploying new detections and integrations.

The Opportunity:

As a Detection Engineer for Cloud SIEM, you will deliver detection capabilities to our Security product(s) in order to notify customers when they are potentially under attack. Your research will be used by our customers to reduce their mean time to detect threats and to improve their own threat hunting capabilities. Alongside your team, you will research attacker techniques against cloud-native technologies and evangelize your findings with the community.

You Will:

Learn everything about detecting threats in cloud-native environments, and pour it back into building a great product

Proactively track, research and experiment with the latest tactics, techniques & procedures for attacking and defending Cloud environments. Operationalize that experience into actionable detection monitoring

Partner with highly technical customers, develop roadmaps, listen to their needs, and work with the team to solve their problems

Work closely with other Detection Engineers, Security Researchers and Product Managers to identify and prioritize new rules, product features, and areas of improvement

Think like an adversary and perform threat hunts in new sources to find evidence of attacks

Create, write, and deliver content for our community, such as blog posts, documentation, webinars, and workshops. Present at conferences to highlight the challenges and successes in the field

You Are:

You have a track record at identifying attacker techniques, ideally in the cloud (AWS, GCP, Azure, Kubernetes, etc)

You have expertise of the SIEM querying experience and comprehend the fundamentals of a lucene-based querying language

You are familiar with programming and scripting and are comfortable building and optimizing queries for both key-value and relational databases

You have experience measuring the effectiveness of security controls, queries and alerting from security and operational logs

You have experience working on teams in offensive or defensive security operations, threat hunting, threat intelligence or incident response

You have a passion for protecting Datadog customers from threat actors by discovering and creating impactful security controls

You have excellent communication skills and are eager to collaborate with teammates, colleagues, and the community

You want to work with other humble researchers, product managers and engineers to make an impact to not only our customers but the community

Why You Should Apply:

Generous and competitive global and US benefits

New hire stock equity (RSUs) and employee stock purchase plan

Continuous career development and pathing opportunities 

Product training to develop an in-depth understanding of our product and space

Best in breed onboarding

Internal mentor and buddy program cross-departmentally

Friendly and inclusive workplace culture

In accordance with the Colorado Equal Pay Transparency Rule (“EPT”)

At Datadog, we are committed to providing competitive pay and benefits that are in line with industry standards. We analyze and carefully consider several factors when determining compensation, including your work history and professional experience. These considerations potentially can cause your compensation to vary.

The Detection Engineer, Product - Cloud SIEM role has an annual starting salary of $130,000, and a competitive equity package. The actual pay may be higher depending on your skills, qualifications, and experience. In addition, Datadog offers a wide range of employee benefits. To learn more about Benefits click here.

This is a remote position

Equal Opportunity at Datadog:

Datadog is an Affirmative Action and Equal Opportunity Employer and is proud to offer equal employment opportunity to everyone regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, and more. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

Your Privacy:

Any information you submit to Datadog as part of your application will be processed in accordance with Datadog’s Applicant and Candidate Privacy Notice.