Engineering Manager, Cyber Threat Intelligence

About the Role

The Cyber Threat Intelligence team at Datadog is dedicated to anticipating and understanding threat actor tactics, techniques, and procedures (TTPs). Our mission is to empower Datadog to make intelligence-led decisions, enhancing our security posture, informing the development of our security products, and elevating the Datadog security brand through published research.

As part of the Detection & Threat Intelligence group, you will operate at the intersection of Datadog’s global information security and security product organizations.

We are seeking an Engineering Manager to lead the Cyber Threat Intelligence team. This team focuses on tracking threat actors, malware, and vulnerabilities relevant to Datadog and its customers. They also contribute significantly to the Datadog Security Labs brand through publishing threat research blogs and presenting at conferences. This manager will report to the Engineering Manager II of the Detection & Intelligence Group and will collaborate closely with various teams, including Detection Engineering, Threat Hunting, Incident Response, Trust & Safety, Red team, Product Management, Product Detection Engineering, and Security Products Engineering, to support their intelligence requirements.

Datadog values its office culture, promoting relationships, collaboration, and creativity. We operate as a hybrid workplace, supporting work-life harmony for our Datadogs.

What You’ll Do as an Engineering Manager, Cyber Threat Intelligence:

• Develop and lead a team of security researchers responsible for ideating, planning, and executing the cyber threat intelligence roadmap, encompassing threat hunting, threat intelligence, thought leadership, and actor/malware tracking.
• Build a unified threat research and intelligence effort to track threat actors targeting Datadog and its customers.
• Collaborate with leadership to establish quarterly OKRs that address priority intelligence and research requirements.
• Build and support a Request for Information (RFI) program for intelligence stakeholders.
• Develop and optimize the collection, processing, and dissemination of strategic, tactical, and operational threat intelligence for intelligence stakeholders.
• Track, research, and experiment with the latest tactics, techniques, and procedures for attacking and defending integrated production environments with Datadog.
• Develop and maintain tools for automating the collection and analysis of intelligence.
• Create and collaborate with Engineering & Product Management on proof-of-concept products, services, tools, and simulations to demonstrate new capabilities and protections in Datadog environments.
• Evangelize your team’s mission and regularly communicate with teams outside your organizational structure.
• Work closely with our Community team to develop thought-leadership threat research content for blogs, webinars, and conferences.
• Build partnerships with external organizations dedicated to advancing cybersecurity.

Who You Are:

• A proven leader with experience leading threat research, cyber threat intelligence, security engineering, or security research teams.
• A technical practitioner with hands-on experience building, investigating, and reporting on threat activity in highly complex environments.
• Experienced in collecting and anticipating intelligence requirements from stakeholders and building an operational model to support the production of intelligence products.
• Connected to threat intelligence sharing groups and capable of navigating the complexities of intelligence sharing.
• Experienced in leading threat hunts to identify novel threat activity and transforming findings into new detections, intelligence, and threat research publications.
• Comfortable with helping build proof-of-concept services, including writing and testing code (e.g., Go, Python, Ruby), deploying code to cloud environments, and monitoring these services.
• You have published blogs on threat intelligence topics, threat research, and spoken at security conferences on your findings.
• A motivating, kind, and humble people leader focused on team growth and happiness, with the ability to mentor and manage performance with empathy.
• You value correctness and efficiency, leaving no stone unturned when reviewing documentation.

Bonus Points:

• Experience leading a cyber threat intelligence group for a cloud-native technology/security vendor.
• Experience setting up and managing a Threat Intelligence Platform (TIP) to centralize intelligence collection, dissemination, and threat research activities.
• Experience responding to large-scale emerging threats and vulnerabilities in a threat intelligence or incident response capacity.
• Experience working with Product Managers and Engineering teams on security products focused around threat detection and threat intelligence.

Key skills/competency:

• Cyber Threat Intelligence
• Security Research Leadership
• Threat Hunting
• Incident Response
• Cloud Security
• Python/Go/Ruby Development
• Security Product Development
• Strategic Intelligence
• Vulnerability Management
• Team Leadership