Staff Application Security Engineer

Leads application security strategy, defines secure frameworks and standards, builds scalable tooling, conducts threat modeling, and mentors engineers. Requires software engineering experience with code review in Go/Python/Rust and deep knowledge of web vulnerabilities, API security, and OWASP practices.

234k – 300k | Boston, MA | New York, NY | Security Engineering | Hybrid

About the role

What You’ll Do

  • Define and drive security standards and secure-by-default solutions, serving as the Application Security subject matter expert.
  • Build security tooling and automation that scales security practices across engineering teams, and implement robust security observability to support our threat detection team with meaningful, actionable security signals.
  • Lead threat modeling and risk assessment for high-risk features and platform changes.
  • Assess and address security risks introduced by agentic development practices and AI-powered product features in production.
  • Partner with engineering teams to prioritize and remediate critical threats, define API security standards, and conduct security code reviews.
  • Identify systemic security risks; lead complex, multi-team remediation efforts end-to-end.
  • Partner with Cloud & Infrastructure Security and other teams across the org; be the AppSec point of contact on complex cross-domain problems.
  • Serve as the AppSec subject matter expert across Datadog; be the person engineering leadership calls when they need clarity on a hard security problem.
  • Deeply invest in the growth of AppSec engineers on the team.

Who You Are

  • Software engineering background with hands-on code review experience; Go (preferred), Python, or Rust.
  • Demonstrated ability to level up the engineers around you: through design reviews, mentorship, and the quality of your documentation.
  • Solid grounding in OWASP Top 10, web vulnerabilities (XSS, injection, access control, cryptography), SAST, and DAST.
  • Working knowledge of API security: authentication flows, authorization patterns, and input validation at API boundaries.
  • Track record of leading threat modeling on complex, multi-team systems and translating outcomes into architectural decisions.
  • Experience implementing secure-by-default frameworks and integrating security into core platforms alongside product managers and engineering teams.
  • Able to translate business risk into security investment priorities and communicate tradeoffs clearly to executive audiences.
  • Familiarity with software supply chain security: dependency management, artifact integrity, and build pipeline trust.
  • Bias toward implementing solutions and driving adoption, not just surfacing findings.
  • Proven track record of winning buy-in from technical and non-technical stakeholders; able to communicate complex tradeoffs clearly to engineers, product managers, and leadership.
  • Current on security best practices, emerging threats, and the tooling landscape.

Skills

Go, Python, Rust, OWASP Top 10, SAST, DAST, API Security, Threat Modeling, Software Supply Chain Security, Datadog

Staff, Security Engineer (App & Product Sec)

Leads security program as first dedicated hire, building roadmap for cloud, app security, and compliance (HIPAA, SOC 2, HITRUST). Improves AWS/GCP security, vulnerability management, IAM, and embeds security in SDLC for high-growth healthcare tech company. Requires 8+ years experience.

235k – 300k | San Francisco, CA +1 | Security Engineering | Hybrid | 8+ YOE | AWS | GCP

Staff Software Engineer, Identity & Access Management

Designs and implements identity and access management systems for Snowflake's Data Cloud, focusing on AI security, authentication protocols, and scalable authorization. Requires 10+ years experience with large-scale distributed systems and strong skills in Java/C#/C++.

236k – 339k | Bellevue, WA | Security Engineering | On-site | 10+ YOE | C# | C++

Senior Staff Software Engineer - IAM

Leads IAM and security engineering to enhance platform trust, plugs infrastructure gaps, and builds large-scale distributed systems. Requires 9+ years in data security, 15+ years in distributed systems, MS/PhD, and expertise in IAM, Kubernetes security, cryptography.

232k – 313k | Mountain View, CA | Security Engineering | On-site | 9+ YOE | Privacy | Governance

Staff Security Engineer - SecOps & Threats

Leads SecOps and threat response, including incident handling, forensics, automation building, and threat exercises. Requires 5+ years in Security Operations, automation experience, and familiarity with security tools like SIEM, SOAR, and AWS.

231k – 266k | United States | Security Engineering | Remote | 5+ YOE | AWS | SIEM

Staff Product Security Engineer - Customer Platform

Leads product security architecture for multi-tenant SaaS platform, implementing secure customer-facing features like IAM, encryption, and access controls. Conducts threat modeling, design reviews, and collaborates cross-functionally on compliance and risk mitigation. Requires 8+ years in security engineering with SaaS expertise.

231k – 272k | New York, NY +1 | Security Engineering | Remote | 8+ YOE | GCP | IAM