Application Security Engineer

As a Senior Security Engineer on the AppSec Foundations team, you will be instrumental in making secure behavior the default across the Datadog platform. Your focus will be to build scalable, platform-level security controls to enforce production security invariants across our infrastructure and developer workflows.

You will operate at the intersection of distributed systems and security, focusing on enforcing security by construction. This approach eliminates reliance on manual reviews or reactive fixes, enabling engineering teams to move fast without needing specialized security expertise.

A key part of this role involves shaping the implementation of identity, access, and isolation across our systems, including support for next-generation, AI-driven, and agentic workloads. By defining how security is automatically built-in across Datadog’s platform, your work will improve consistency, reduce friction for engineering teams, and enable the company to scale securely as we expand into new technological domains.

What You’ll Do:

• Design and implement secure-by-default platform controls, improving the security of our APIs and services.
• Build and evolve security systems and enforcement layers (e.g., gateways, middleware, policy engines) that operate at scale across distributed systems
• Define and standardize security patterns that can be broadly adopted across services, reducing the need for custom implementations
• Integrate security controls into developer workflows, infrastructure, and platform abstractions to drive high adoption
• Identify recurring security risks and translate them into reusable, enforced platform primitives
• Partner with engineering teams to influence system design and build out security that is embedded early in the development lifecycle
• Contribute to threat modeling and security reviews where needed, with a focus on turning findings into systemic improvements
• Leverage application telemetry (logs, traces, metrics) to assess security posture and drive improvements

• You have a strong background in software engineering and experience building distributed systems (Go or Python preferred)
• You have experience designing and implementing security controls or systems (e.g., authentication, authorization, API security, or infrastructure security)
• You have built shared infrastructure, internal platforms, libraries, frameworks, or enforcement mechanisms used by other engineering teams.
• You understand how modern systems handle identity, communication, and trust boundaries (e.g., mTLS, service identity, API gateways)
• You are comfortable operating in ambiguous environments and working across new problem spaces
• You make pragmatic security decisions that balance risk, usability, and scalability
• You are driven to not only identify security issues but also design and implement solutions that prevent them at scale

Nice to Have:

• Experience with zero trust architectures or service-to-service security models
• Familiarity with policy-based systems or large-scale access control models
• Experience working with untrusted or non-deterministic workloads (e.g., sandboxing, agent-based systems)
• Experience using observability and telemetry to drive security insights and adoption

Datadog values people from all walks of life. We understand not everyone will meet all the above qualifications on day one. That's okay. If you’re passionate about technology and want to grow your skills, we encourage you to apply.

• New hire stock equity (RSUs) and employee stock purchase plan (ESPP)
• Continuous professional development, product training, and career pathing
• Intradepartmental mentor and buddy program for in-house networking
• An inclusive company culture, ability to join our Community Guilds (Datadog employee resource groups)
• Access to Inclusion Talks, our internal panel discussions
• Free, global mental health benefits for employees and dependents age 6+
• Competitive global benefits

Benefits and Growth listed above may vary based on the country of your employment and the nature of your employment with Datadog.

To conform to US export control regulations, candidates should be eligible for any required authorizations from the US government. This job is available in various departments within our company; to conform to US export control regulations, some of these roles may require candidates to be eligible for any required authorizations from the US government.

#LI-Hybrid

Datadog offers a competitive salary and equity package, and may include variable compensation. Actual compensation is based on factors such as the candidate's skills, qualifications, and experience. In addition, Datadog offers a wide range of best in class, comprehensive and inclusive employee benefits for this role including healthcare, dental, parental planning, and mental health benefits, a 401(k) plan and match, paid time off, fitness reimbursements, and a discounted employee stock purchase plan. The reasonably estimated yearly salary for this role at Datadog is: $187,000-$240,000 USD