# Staff Application Security Engineer **Company:** [Datadog](https://hotfix.jobs/companies/datadog) **Location:** Boston, MA, New York, NY **Salary:** $234K-$300K **Skills:** Go, Python, Rust, Owasp Top 10, SAST, DAST, Api Security, Threat Modeling, Software Supply Chain Security, Datadog **Posted:** 2026-04-03 > Leads application security strategy, defines secure frameworks and standards, builds scalable tooling, conducts threat modeling, and mentors engineers. Requires software engineering experience with code review in Go/Python/Rust and deep knowledge of web vulnerabilities, API security, and OWASP practices. ## Job Description ## What You’ll Do - Define and drive security standards and secure-by-default solutions, serving as the Application Security subject matter expert. - Build security tooling and automation that scales security practices across engineering teams, and implement robust security observability to support our threat detection team with meaningful, actionable security signals. - Lead threat modeling and risk assessment for high-risk features and platform changes. - Assess and address security risks introduced by agentic development practices and AI-powered product features in production. - Partner with engineering teams to prioritize and remediate critical threats, define API security standards, and conduct security code reviews. - Identify systemic security risks; lead complex, multi-team remediation efforts end-to-end. - Partner with Cloud & Infrastructure Security and other teams across the org on cross-domain problems; be the AppSec point of contact on complex cross-domain problems. - Serve as the AppSec subject matter expert across Datadog; be the person engineering leadership calls when they need clarity on a hard security problem. - Deeply invest in the growth of AppSec engineers on the team. ## Who You Are - Software engineering background with hands-on code review experience; **Go (preferred), Python, or Rust**. - Demonstrated ability to level up the engineers around you: through design reviews, mentorship, and the quality of your documentation. - Solid grounding in **OWASP Top 10**, web vulnerabilities (**XSS, injection, access control, cryptography**), **SAST**, and **DAST**. - Working knowledge of **API security**: authentication flows, authorization patterns, and input validation at API boundaries. - Track record of leading threat modeling on complex, multi-team systems and translating outcomes into architectural decisions. - Experience implementing secure-by-default frameworks and integrating security into core platforms alongside product managers and engineering teams. - Able to translate business risk into security investment priorities and communicate tradeoffs clearly to executive audiences. - Familiarity with **software supply chain security**: dependency management, artifact integrity, and build pipeline trust. - Bias toward implementing solutions and driving adoption, not just surfacing findings. - Proven track record of winning buy-in from technical and non-technical stakeholders; able to communicate complex tradeoffs clearly to engineers, product managers, and leadership. - Current on security best practices, emerging threats, and the tooling landscape. **Apply:** https://hotfix.jobs/jobs/staff-application-security-engineer-at-datadog-9cc2acb0-f592-40b0-ac68-acdd6085e624 **Canonical:** https://hotfix.jobs/jobs/staff-application-security-engineer-at-datadog-9cc2acb0-f592-40b0-ac68-acdd6085e624