Container Runtime Engineer

The Compute Nodes team at Datadog manages the foundational Kubernetes infrastructure that powers our global multi-cloud platform. We're responsible for the entire node layer, from OS and kernel security to GPU infrastructure, storage solutions, and container runtime isolation.

The Compute Sandboxing subteam will own the isolation and execution layer, managing runtime diversity and sandboxing technologies that enable secure multi-tenant execution. We're investing heavily in Kata Containers to deliver security isolation for running untrusted customer code, while exploring alternative sandboxing approaches (gVisor, Web Assembly) for different use case requirements.

This role directly supports Datadog's strategic investment in safe execution of untrusted customer code in multi-tenant infrastructure

You will collaborate with the Job Platform team to deliver isolation capabilities that enable new product features while maintaining performance at scale.

• Design, implement, and maintain container isolation infrastructure across multi-cloud Kubernetes environments, with primary focus on Kata Containers and micro
  
  VM technologies
• Achieve performance parity for isolated workloads by resolving disk I/O limitations
• Develop new Kata backends for diverse infrastructure requirements, including potential AWS Nitro Enclaves integration
• Evaluate emerging sandboxing technologies (gVisor, Web Assembly, unikernels) for specific workload requirements
• Collaborate with upstream Kata Containers project to contribute improvements and influence roadmap
• Act as subject matter expert on container security isolation, mentoring engineers on isolation best practices

• Strong systems programming background with 4+ years of experience in container runtimes and Linux kernel primitives
• Hands-on experience with container runtime hardening technologies like Kata Containers, gVisor, Firecracker, or similar micro
  
  VM/sandboxing solutions
• Deep understanding of Linux kernel interfaces: name spaces, cgroups, seccomp, capabilities, LSMs, and virtualization (KVM/QEMU)
• Proficiency in systems programming languages (Go, Rust, or
  
  C) with ability to debug low-level code
• Knowledge of container runtime specifications (OCI, CRI) and containerd architecture

• Upstream contributions to Kata Containers, containerd, gVisor, or related CNCF projects
• Experience with AWS Nitro Enclaves, confidential computing, or hardware security features
• Broad Kubernetes expertise including storage (CSI), networking (CNI), or device management (CDI, NRI)
• Performance tuning for I/O-intensive workloads in virtualized environments
• Technical leadership experience driving architectural decisions in complex systems
• Familiarity with eBPF, GPU passthrough, or specialized hardware device management

Datadog offers a competitive salary and equity package, and may include variable compensation. Actual compensation is based on factors such as the candidate's skills, qualifications, and experience. In addition, Datadog offers a wide range of best in class, comprehensive and inclusive employee benefits for this role including healthcare, dental, parental planning, and mental health benefits, a 401(k) plan and match, paid time off, fitness reimbursements, and a discounted employee stock purchase plan.

The reasonably estimated yearly salary for this role at Datadog is: $187,000 — $240,000 USD

Datadog (NASDAQ: DDOG) is a global SaaS business, delivering a rare combination of growth and profitability. We are on a mission to break down silos and solve complexity in the cloud age by enabling digital transformation, cloud migration, and infrastructure monitoring of our customers’ entire technology stacks. Built by engineers, for engineers, Datadog is used by organizations of all sizes across a wide range of industries.

Together, we champion professional development, diversity of thought, innovation, and work excellence to empower continuous growth. Join the pack and become part of a collaborative, pragmatic, and thoughtful people-first community where we solve tough problems, take smart risks, and celebrate one another. Learn more about #Datadog Life on Instagram, Linked In, and Datadog Learning Center.

Datadog is proud to offer equal employment opportunity to everyone regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, and other characteristics protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. Here are our Candidate Legal Notices for your reference.

Any information you submit to Datadog as part of your application will be processed in accordance with Datadog’s Applicant and Candidate Privacy Notice. For information on our AI policy, please visit Interviewing at Datadog AI Guidelines.