Engineering Manager, Cyber Threat Intelligence
Datadog

Job Description
Engineering Manager, Cyber Threat Intelligence at Datadog
The Cyber Threat Intelligence team’s mission at Datadog is to proactively identify and understand threat actors and their Tactics, Techniques, and Procedures (TTPs). This enables Datadog to make intelligence-led decisions, significantly improve our security posture, inform the development of detections in our security products, and publish research that enhances the Datadog security brand. As a key part of the Detection & Threat Intelligence group, you will operate at the crucial intersection of Datadog’s global information security and security product organizations.
We are actively seeking an Engineering Manager to lead the Cyber Threat Intelligence team. This team is dedicated to tracking threat actors, malware, and vulnerabilities pertinent to both Datadog and its customers. Additionally, they contribute to the Datadog Security Labs brand through publishing insightful threat research blogs and presenting at industry conferences. This manager will report directly to the Engineering Manager II of the Detection & Intelligence Group and will forge strong partnerships with numerous teams to fulfill their intelligence requirements. These teams include Detection Engineering, Threat Hunting, Incident Response, Trust & Safety, Red Team, Product Management, Product Detection Engineering, and Security Products Engineering.
At Datadog, we deeply value our office culture, recognizing the relationships, collaboration, and creativity it fosters. We operate as a hybrid workplace, ensuring our Datadogs can achieve a work-life harmony that best suits their needs. This particular role is available as East Coast - Remote.
What You’ll Do:
- Develop and lead a team of security researchers responsible for ideating, planning, and executing the cyber threat intelligence roadmap at Datadog. This includes critical areas such as threat hunting, threat intelligence production, thought leadership, and detailed actor/malware tracking.
- Build a cohesive and unified threat research and intelligence effort focused on tracking threat actors specifically targeting Datadog and its customers.
- Work collaboratively with leadership to establish quarterly Objectives and Key Results (OKRs) that effectively address high-priority intelligence and research requirements.
- Establish and maintain a robust Request for Information (RFI) program tailored for intelligence stakeholders, ensuring timely and relevant intelligence dissemination.
- Build and continuously optimize the collection, processing, and dissemination of strategic, tactical, and operational threat intelligence for all intelligence stakeholders.
- Track, research, and experiment with the latest tactics, techniques, and procedures (TTPs) used for both attacking and defending integrated production environments utilizing Datadog.
- Develop and maintain essential tools for automating the collection and in-depth analysis of intelligence data.
- Create and collaborate with Engineering & Product Management on proof-of-concept products, services, tools, and simulations to demonstrate new capabilities and protections within Datadog environments.
- Champion your team’s mission, regularly communicating successes and insights with teams outside of your immediate organizational structure.
- Work closely with our Community team to develop compelling thought-leadership threat research content suitable for blogs, webinars, and industry conferences.
- Build strong partnerships with external organizations dedicated to advancing cybersecurity globally.
Who You Are:
- A proven leader with significant experience in managing threat research, cyber threat intelligence, security engineering, or security research teams.
- A technical practitioner with hands-on experience building, investigating, and reporting on threat activity within highly complex environments.
- Experienced in collecting and anticipating intelligence requirements from stakeholders and developing an operational model to support the production of intelligence products for them.
- Connected to established threat intelligence sharing groups and proficient in navigating the complexities of intelligence sharing protocols.
- You have led successful threat hunts, resulting in the identification of novel threat activity and its conversion into new detections, intelligence, and published threat research.
- Comfortable with helping to build proof-of-concept services, which includes writing and testing code (e.g., Go, Python, Ruby), deploying code to cloud environments, and monitoring these services.
- You have a track record of publishing blogs on threat intelligence topics or threat research, and have presented your findings at security conferences.
- A motivating, kind, and humble people leader who prioritizes the growth and happiness of your team. You possess the ability to nurture talent through effective mentorship and a supportive performance management environment, always emphasizing empathy.
- You value correctness and efficiency, meticulously reviewing documentation to ensure accuracy and thoroughness.
Bonus Points:
- Experience leading a cyber threat intelligence group specifically for a cloud-native technology/security vendor.
- Experience in setting up and managing a threat intelligence platform (TIP) to centralize intelligence collection, dissemination, and threat research activities.
- Proven experience responding to large-scale emerging threats and vulnerabilities in a dedicated threat intelligence or incident response capacity.
- Experience collaborating with Product Managers and Engineering teams on security products focused on threat detection and threat intelligence.
Key skills/competency:
- Cyber Threat Intelligence
- Threat Hunting
- Security Research
- Leadership & Management
- Roadmap Development
- Stakeholder Engagement
- Go, Python, Ruby
- Cloud Security
- Incident Response
- TTP Tracking
How to Get Hired at Datadog
- Research Datadog's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
- Tailor your resume for Cyber Threat Intelligence: Highlight experience in threat research, intelligence platforms, and security leadership roles.
- Showcase technical prowess: Prepare to discuss hands-on coding skills (Go, Python, Ruby), cloud environments, and security tooling development.
- Demonstrate thought leadership: Mention published research, blog posts, or conference presentations on relevant threat intelligence topics.
- Understand Datadog's product ecosystem: Familiarize yourself with their security monitoring and detection capabilities and how CTI informs them.