We're on a mission to build the best platform in the world for engineers to understand and scale their systems, applications, and teams. We operate at high scale—trillions of data points per day—providing always-on alerting, metrics visualization, logs, and application tracing for tens of thousands of companies. Our engineering culture values pragmatism, honesty, and simplicity to solve hard problems the right way.
The FedRAMP team supports Datadog’s business within the U.S. Government market by working with engineers to meet FedRAMP requirements and lead ongoing compliance activities.
As a Senior Security Analyst for the FedRAMP team, you will lead efforts to respond to U.S. Government regulations and standards, including FedRAMP, DISA SRG and STIGs, as applicable. You will provide subject matter expertise for the design, implementation, operations, management, and maintenance of the Datadog product in all aspects of Information Assurance and Information Security as it relates to Datadog’s FedRAMP activities. This includes being able to assess and mitigate system security threats and risks, validate system security requirements, analyze and collaborate on system security designs, verify compliance with system security requirements, perform system audits, testing, support security compliance audits, and act as a liaison with other departments and business units to support ongoing system security operations and maintenance.
- Support security efforts in pursuit of U.S. Government accreditations (FedRAMP, FISMA, DoD Cloud Catalog).
- Synthesize complex customer documents (MSAs, Security Addendums, etc.) into concrete requirements for the Datadog Engineering, Legal and Finance teams.
- Document Datadog practices to provide transparency to customers, prospects and other stakeholders.
- Communicate directly with Datadog customers, prospects and other stakeholders.
- Work across security and engineering teams to design, implement, and monitor security and compliance features.
- Support assessment and continuous monitoring and reporting activities.
- Design defensive policies that allow the Datadog security and general engineering teams to move quickly and adapt to an evolving threat landscape.
- Serve as a mentor to junior staff, sharing technical depth and understanding of complex information security requirements with others to improve team performance.
- You have a BS and a minimum 5 years of relevant industry experience
- You have a proven track record working in security policy, compliance, information security operations or security consulting
- You have a strong understanding of cloud services architecture (Amazon Web Services)
- You have demonstrable experience designing, supporting, advising, and assessing the implementation of security controls for a FedRAMP authorized system or other system based on NIST 800-53
- You value correctness and efficiency, and leave no stone unturned when reviewing documentation
- Exceptional attention to detail
- You want to work in a fast paced, high growth startup environment
- Ability to comply with ITAR and GovCloud requirements
- Relevant Industry Certification (CISSP, CISA, GIAC)
- Compliance Certification a big plus (Prior 3PAO, ISO 27001 Lead Auditor/Implementer, QSA)
- Knowledge of and experience with the use and configuration of vulnerability scanning tools
- You feel comfortable and enjoy talking to highly technical engineering teams
- Your writing is beyond reproach
- Verbal communication is your cup of tea
- Deep exposure to multiple compliance and regulatory regimes (e.g. FedRAMP, GDPR, HIPAA, ISO 27001, PCI DSS)