Engineering Manager I - Cyber Threat Intelligence
Job Description
The Team:
The Cyber Threat Intelligence team’s mission is to stay ahead of threat actors and their TTPs to help Datadog make intelligence-led decisions to improve our security posture. As part of the Detection & Threat Intelligence group, you will get to work in Datadog’s Security Engineering organization.
We are looking for an Engineering Manager to lead the Cyber Threat Intelligence team. This team focuses on tracking threat actors, malware, and vulnerabilities relevant to Datadog. This manager will report to the Engineering Manager II of the Detection & Intelligence Group and will partner closely with several teams to support their intelligence requirements, including Detection Engineering, Threat Hunting, Incident Response, Trust & Safety, and Red team.
At Datadog, we place value in our office culture - the relationships and collaboration it builds and the creativity it brings to the table. We operate as a hybrid workplace to ensure our Datadogs can create a work-life harmony that best fits them.
What You’ll Do:
- Develop and lead a team of security researchers who are responsible for ideating, planning and executing the cyber threat intelligence roadmap at Datadog which includes: threat hunting, threat intelligence, and threat actor/malware tracking.
- Work with leadership to set quarterly OKRs that address priority intelligence requirements.
- Support an RFI program for intelligence stakeholders.
- Build and optimize the collection, processing and dissemination of strategic, tactical, and operational threat intelligence for intelligence stakeholders.
- Track, research and experiment with the latest tactics, techniques & procedures for attacking and defending integrated production environments with Datadog.
- Develop and maintain tools for automating the collection and analysis of intelligence.
- Create and collaborate with Security Engineering teams on proof of concept products, services, tools and simulations to demonstrate new capabilities and protections in Datadog environments.
- Evangelize your team’s mission and regularly communicate with teams outside of your organizational structure.
- Build intelligence sharing partnerships with external researchers and organizations dedicated to advancing cybersecurity for the world.
Who You Are:
- A proven leader with experience leading an internal cyber threat intelligence group for a cloud native company or SaaS vendor.
- Prior experience collaborating with security engineering teams to turn threat intelligence into measurable improvements to an organization’s security posture.
- A technical practitioner who has hands-on experience building, investigating and reporting on threat activity in highly complex environments.
- You have experience with collecting and anticipating intelligence requirements from your stakeholders and building out an operational model to support the production of intelligence products for them.
- You are connected to threat intelligence sharing groups and can help navigate the complexities of intelligence sharing.
- You have led threat hunts to identify novel threat activity and turn that into new detections, new intelligence, and threat research publications.
- You are comfortable with helping build proof-of-concept services, which includes writing and testing code (e.g. Go, Python, Ruby), deploying code to cloud environments and monitoring these services.
- Motivating, kind and humble people leader who focuses on growth and happiness for your team. You have the ability to grow talent by providing a proper mentorship and performance management environment while prioritizing empathy.
- You value correctness and efficiency; you leave no stone unturned when reviewing documentation.
Note: If you’re excited about this role and meet most of the qualifications, we encourage you to apply!
Bonus Points:
- Experience setting up and managing a threat intelligence platform (TIP) to centralize intelligence collection, dissemination, and threat research activities.
- Experience responding to large scale emerging threats and vulnerabilities in a threat intelligence or incident response capacity.
- You have published blogs on threat intelligence topics and threat research, and have spoken at security conferences on your findings.