# Staff Application Security Engineer

**Company:** [Datadog](https://hotfix.jobs/companies/datadog)
**Location:** Boston, MA, New York, NY
**Role:** Security Engineering
**Salary:** $234k – $300k/yr
**Skills:** Go, Python, Rust, Owasp Top 10, SAST, DAST, Api Security, Threat Modeling, Software Supply Chain Security, Datadog
**Posted:** 2026-04-03

> Leads application security strategy, defines secure frameworks and standards, builds scalable tooling, conducts threat modeling, and mentors engineers. Requires software engineering experience with code review in Go/Python/Rust and deep knowledge of web vulnerabilities, API security, and OWASP practices.

## Job Description

## What You’ll Do

- Define and drive security standards and secure-by-default solutions, serving as the Application Security subject matter expert.
- Build security tooling and automation that scales security practices across engineering teams, and implement robust security observability to support our threat detection team with meaningful, actionable security signals.
- Lead threat modeling and risk assessment for high-risk features and platform changes.
- Assess and address security risks introduced by agentic development practices and AI-powered product features in production.
- Partner with engineering teams to prioritize and remediate critical threats, define API security standards, and conduct security code reviews.
- Identify systemic security risks; lead complex, multi-team remediation efforts end-to-end.
- Partner with Cloud & Infrastructure Security and other teams across the org on cross-domain problems; be the AppSec point of contact on complex cross-domain problems.
- Serve as the AppSec subject matter expert across Datadog; be the person engineering leadership calls when they need clarity on a hard security problem.
- Deeply invest in the growth of AppSec engineers on the team.

## Who You Are

- Software engineering background with hands-on code review experience; **Go (preferred), Python, or Rust**.
- Demonstrated ability to level up the engineers around you: through design reviews, mentorship, and the quality of your documentation.
- Solid grounding in **OWASP Top 10**, web vulnerabilities (**XSS, injection, access control, cryptography**), **SAST**, and **DAST**.
- Working knowledge of **API security**: authentication flows, authorization patterns, and input validation at API boundaries.
- Track record of leading threat modeling on complex, multi-team systems and translating outcomes into architectural decisions.
- Experience implementing secure-by-default frameworks and integrating security into core platforms alongside product managers and engineering teams.
- Able to translate business risk into security investment priorities and communicate tradeoffs clearly to executive audiences.
- Familiarity with **software supply chain security**: dependency management, artifact integrity, and build pipeline trust.
- Bias toward implementing solutions and driving adoption, not just surfacing findings.
- Proven track record of winning buy-in from technical and non-technical stakeholders; able to communicate complex tradeoffs clearly to engineers, product managers, and leadership.
- Current on security best practices, emerging threats, and the tooling landscape.

## Similar roles

- [Staff Software Engineer, Identity & Access Management](https://hotfix.jobs/jobs/83dfb71e-a7d4-405a-bd21-8f7cac79fc18) - Snowflake - Bellevue, WA - $236k – $339k/yr
- [Senior Staff Software Engineer - IAM](https://hotfix.jobs/jobs/e3334efa-42e2-47b3-8e84-efb3d3ddc655) - Databricks - Mountain View, CA - $232k – $313k/yr
- [Staff Product Security Engineer](https://hotfix.jobs/jobs/cd737e9e-c3f6-4183-b501-3803d909819a) - Databricks - Remote - $231k – $398k/yr
- [Staff Security Engineer - SecOps & Threats](https://hotfix.jobs/jobs/62e8a0f4-1c37-4793-82e8-64433efa09a2) - 6sense - Remote - $231k – $266k/yr
- [Senior Staff Security Engineer - Network Security](https://hotfix.jobs/jobs/b3535b21-0e8c-4e69-aecd-b17494a88ef6) - Gusto - San Francisco, CA - $230k – $270k/yr

**Apply:** https://hotfix.jobs/jobs/9cc2acb0-f592-40b0-ac68-acdd6085e624
**Canonical:** https://hotfix.jobs/jobs/9cc2acb0-f592-40b0-ac68-acdd6085e624