Senior Security Engineer - Cloud SIEM

As a Senior Security Engineer focused on Datadog’s Cloud SIEM product, you will help shape the future of security operations by transforming real-world security expertise into scalable detection, investigation, and response capabilities. You will develop high-impact threat detection content, improve AI-assisted security workflows, and help defenders identify and respond to threats across cloud-native and enterprise environments. Working closely with Product, Engineering, and Security Research teams, you will influence the evolution of Datadog Security products while advancing detection coverage across emerging technologies and attack surfaces. This role offers the opportunity to contribute to open source initiatives, publish security research, and help define the next generation of agentic security operations capabilities.

At Datadog, we place value in our office culture - the relationships and collaboration it builds and the creativity it brings to the table. We operate as a hybrid workplace to ensure our Datadogs can create a work-life harmony that best fits them.

What You'll Do:

• Research attacker techniques, defensive strategies, and emerging threats, translating findings into scalable security capabilities that protect customers at cloud scale.
• Design and improve AI-powered investigation, threat hunting, and response workflows that support Datadog’s agentic SOC capabilities.
• Own the lifecycle of threat detections and automated security workflows, from research and design through deployment, measurement, and continuous improvement.
• Develop high-fidelity detection content across cloud platforms, SaaS applications, identity systems, endpoints, networks, and other modern attack surfaces.
• Partner with Product, Engineering, Security Research, and customers to influence roadmap decisions and improve security outcomes across the platform.
• Mentor security engineers and drive improvements through automation, tooling, rapid prototyping, and data-driven optimization.

Who You Are:

• Experienced in detection engineering, incident response, threat hunting, security operations, or related defensive security disciplines.
• Knowledgeable in securing and operating public cloud environments such as AWS, Azure, or GCP, along with cloud-native technologies including Kubernetes, Docker, and Terraform.
• Skilled in modern detection engineering practices, including detection-as-code methodologies and large-scale security telemetry analysis.
• Proficient in Python, Go, or similar programming languages used to automate workflows, analyze security data, and build security tooling.
&