Engineering Manager - Security Incident Response

Engineering Manager - Security Incident Response

Join to apply for the Engineering Manager - Security Incident Response role at Datadog
.

The Security Incident Response team is part of our Resilience Engineering organization and plays a vital role in keeping Datadog safe. Our goal is to ensure that Datadog is prepared for and efficiently responds to security-related incidents, ensuring that threats to our systems and data are contained as fast as possible. We also partner with teams after incidents by leveraging them as opportunities to learn.

By focusing on our ability to adapt and fix systemic problems, we contribute towards a larger culture of building resilience in our people and systems.

As an Engineering Manager, you will help us realize this mission by leading a talented group of engineers who are committed to driving Datadog’s incident response capabilities to the next level. Along with building tools and automation to streamline our efficiency, you will work with key stakeholders across Datadog to ensure we are focusing our efforts in the right areas and are measuring how we improve.

As part of a leadership team, you will be active in shaping our organizational strategy and culture.

At Datadog, we place value in our office culture – the relationships and collaboration it builds and the creativity it brings to the table. We operate as a hybrid workplace to ensure our Datadogs can create a work‑life harmony that best fits them.

• Lead and mentor a team of experienced incident responders who are passionate about building a culture of security and resilience p engineers grow to the next level and continuously provide them opportunities to develop.
• Serve as a hands‑on leader during incidents. Lead under pressure, make decisions in ambiguous situations, and collaborate across several teams to drive towards resolution. Be on‑call in our secondary rotation (along with around 5 other leaders), which is escalated to when responders need help with resourcing or decision‑making.
• Ensure the team is triaging alerts and signals in Datadog Cloud SIEM consistently and to a high level so that we can respond to emerging threats. Partner with our Threat Detection team to tune and calibrate these signals so they’re delivering value.
• Build tools, systems, and processes to ensure Datadog is maturing its security incident response capabilities. Ensure that our operational capabilities are measured and communicated with stakeholders.
• Lead post‑incident analysis efforts so that engineers at Datadog learn from security incidents, ensuring postmortems are blameless and actionable. Ensure we are capturing follow‑up items that repair systematic issues and prevent repeated patterns.
• Partner with Datadog’s product management team by providing feedback on features and be willing to champion areas for improvement. Work with other security teams within Datadog to develop strategies and plans to prevent future security incidents.

• 2-3 years experience as a people manager or as a technical leader with strong mentorship skills. Ideally candidates will have experience in career development, performance management, tracking and optimizing team velocity, OKRs, and hiring candidates into diverse and inclusive organizations.
• 3-5 years experience working in incident response teams and large‑scale incident response programs, with particular focus on security‑related incidents and threats. Strong ownership and an ability to work outside your comfort zones to return Datadog to a stable state when failure does occur, even if it falls outside team boundaries.
• Technical pragmatism and an ability to help the team reason about trade‑offs around implementation. You will often review the decisions and RFCs from senior engineers, and you will need to blend both your technical and business acumen to do this.
• Strong distributed systems knowledge. While we are not in the critical path for customer‑facing infrastructure, we support people who are, so we need to leverage our technical experience to build credibility. We frequently read post‑mortems and offer suggestions, so you will need a good technical baseline.
• Strong…