Security Engineer 2 - Cyber Threat Intelligence

As a Security Engineer 2 on the Cyber Threat Intelligence team, you will help Datadog stay ahead of evolving threats by identifying, analyzing, and operationalizing intelligence on threat actors, campaigns, and emerging threats. Working within Security Engineering, you will partner closely with security teams to translate intelligence into actionable security improvements across the company. You will serve as a subject matter expert on how the cyber threat landscape intersects with Datadog and contribute to intelligence-led decision making during both steady-state operations and active security incidents. This role provides opportunities to influence detection, response, and security strategy through technical analysis, collaboration, and intelligence-driven initiatives.

At Datadog, we place value in our office culture - the relationships and collaboration it builds and the creativity it brings to the table. We operate as a hybrid workplace to ensure our Datadogs can create a work-life harmony that best fits them.

What You’ll Do:

• Develop and maintain tooling that automates the collection, processing, analysis, and dissemination of threat intelligence.
• Assess emerging vulnerabilities, threat activity, and security events to help stakeholders understand potential impact to Datadog.
• Conduct threat hunting and infrastructure analysis to identify adversary activity relevant to Datadog and improve defensive controls.
• Partner with security teams to operationalize intelligence into detections, investigations, and response workflows.
• Coordinate with information-sharing communities to gather, evaluate, and disseminate actionable intelligence.
• Produce technical briefings, threat reports, and intelligence products for security and engineering stakeholders.

• Experienced in writing and presenting operational and technical intelligence for threat detection, response, and security stakeholders.
• Skilled in partnering with detection and response teams to support investigations, improve response playbooks, and prioritize detection opportunities based on adversary tactics, techniques, and procedures (TTPs).
• Familiar with information-sharing communities and able to apply sound judgment when handling and operationalizing TLP-designated intelligence.
• Experienced in identifying and responding to large-scale emerging threats, including supply chain compromises, industry-wide campaigns, and exploitation of newly disclosed vulnerabilities.
• Experienced in dynamic/static analysis of Linux and MacOS malware and in tracking cloud-native cybercrime and nation-state threat actors.
• Proficient in developing threat intelligence tooling and automation through software development and scripting.

Nice to Have:

• Experience presenting at security conferences and publishing threat research.
• Experience with malware reverse engineering.

To conform to US export control regulations, candidates should be eligible for any required authorizations from the US government. This job is available in various departments within our company; to conform to US export control regulations, some of these roles may require candidates to be eligible for any required authorizations from the US government.

Datadog offers a competitive salary and equity package, and may include variable compensation. Actual compensation is based on factors such as the candidate's skills, qualifications, and experience. In addition, Datadog offers a wide range of best in class, comprehensive and inclusive employee benefits for this role including healthcare, dental, parental planning, and mental health benefits, a 401(k) plan and match, paid time off, fitness reimbursements, and a discounted employee stock purchase plan. The reasonably estimated yearly salary for this role at Datadog is: $140,000-$195,000 USD