Security Analyst - FedRAMP
We're on a mission to build the best platform in the world for engineers to understand and scale their systems, applications, and teams. We operate at high scale—trillions of data points per day—providing always-on alerting, metrics visualization, logs, and application tracing for tens of thousands of companies. Our engineering culture values pragmatism, honesty, and simplicity to solve hard problems the right way.
Datadog’s IT Governance, Risk, and Compliance (IT GRC) team supports Datadog’s business by working with engineers to meet regulatory requirements, by leading ongoing compliance activities, and by using technology to streamline compliance efficiency across the company.
As a Security Analyst, you will contribute to upholding U.S. Government regulations and standards, including FedRAMP, DISA, SRG, and STIGs, as well as supporting larger IT GRC team activities. You will assist engineers with aligning Datadog with these requirements, and provide subject matter expertise for the design, implementation, operations, management, and maintenance of Datadog’s technology ecosystem. You will be responsible for tracking and executing Datadog’s Continuous Monitoring, Data Protection, and Change Management activities. In support of these activities you will assess threats and risks, validate system security requirements, analyze and collaborate on system security designs, verify compliance with system security requirements, perform system audits and testing, and act as a liaison with other departments and business units.
- Support security efforts in maintaining and pursuing U.S. Government accreditations (FedRAMP, FISMA, DoD Cloud Catalog).
- Synthesize complex customer and regulatory standards into concrete requirements for the Datadog Engineering, Legal and Business teams.
- Document Datadog practices to provide transparency to customers, prospects and other stakeholders.
- Work across security and engineering teams to design, implement, and monitor security and compliance features.
- Advise and implement technical controls supporting Datadog’s data protection, business continuity, and disaster recovery programs.
- You have a BS or equivalent experience.
- You have experience working in security policy, compliance, information security operations, or security consulting.
- You have exposure to one or more compliance frameworks (e.g., FedRAMP, NIST, HIPAA, ISO 27001, PCI DSS).
- You value correctness and efficiency; you leave no stone unturned when reviewing documentation.
- Ability to comply with ITAR and AWS/Azure GovCloud requirements.
- Prior 3PAO or ISO auditor experience.
- Familiarity with Cloud Services technology (AWS, Azure, GCP).
- Experience with application and infrastructure vulnerability scanning tools.
- You speak like you write - clear, concise, confident, and unafraid to make presentations.