Software Engineer SDLC Security Public Artifacts

Paris - France

Monthly Salary: Not Disclosed

Posted on: 20 days ago

Vacancies: 1 Vacancy

Job Summary

We are looking for a Software Engineer for the SDLC Security team to help secure the supply chain of our public artifacts. This role will work on securing all source build publish and distribution channels used to push artifacts to customers implementing secure by default practices and verifiable integrity claims.

Youll join at an ideal time to make a big impact as the need for robust supply chain security is higher than its ever been. Datadog as a platform is growing fast and is used very widely and the continued and exciting expansion of our product portfolio requires agile thinkers with a deep grounding in security fundamentals. Youll be involved in every step of securing our supply chain and the platforms that push artifacts to customersmodeling risks for existing and new areas designing solutions that mitigate threats to ourselves and our customers and writing mission critical software that secures our software from source all the way to ours and our customers runtime.

At Datadog we place value in our office culture - the relationships and collaboration it builds and the creativity it brings to the table. We operate as a hybrid workplace to ensure our Datadogs can create a work-life harmony that best fits them.

What Youll Do:

Analyze and enhance Datadogs software supply chain security posture including build-pipeline security delivery mechanisms and key and configuration management.
Partner with Senior Engineers in SDLC Security and our product teams to secure our customer facing distribution channels including NPM PyPI and Dockerhub.
Secure the critical PKI and signing infrastructure used to verify customer facing software
Reduce the attack surface of Datadogs client-facing software by mitigating build and supply chain risks.
Build provable integrity mechanisms throughout the entire supply chain working from source management systems out through to node level configuration in Datadogs compute.
Represent Datadog in the open source software supply chain security community.

Who You Are:

Proven track record of designing and coding systems that help secure the software supply chain and SDLC systems and are leveraged by multiple teams.
Track record of successfully driving security initiatives with leadership and engineering buy-in.
Dedication to staying current with the latest security best practices technologies and emerging threats.
You are fluent in one or more modern coding languages (Python Go etc.).
You are able to work closely with engineering and DevOps teams to integrate security seamlessly into the development process.
You are familiar with securing public distribution channels (e.g. PyPI NPM Dockerhub ECR/GCR/ACR registries) and Kubernetes-based development.
You want to work in an environment with exciting challenges and opportunities to make an impact.

Bonus points:

Passionate about building products that engineers love and believe in the true outcome of DevSecOps.
Knowledge in or interest of Generative AI and LLM usage in the security space
Knowledgeable of cryptography protocols such as GPG or TUF and security frameworks such as slsa.
Familiar with continuous security scanning and fine-tuning SAST rules and methodology.

Datadog values people from all walks of life. We understand not everyone will meet all the above qualifications on day one. Thats okay. If youre passionate about technology and want to grow your skills we encourage you to apply.

Benefits and Growth:

New hire stock equity (RSUs) and employee stock purchase plan (ESPP)
Continuous professional development product training and career pathing
Intradepartmental mentor and buddy program for in-house networking
An inclusive company culture ability to join our Community Guilds (Datadog employee resource groups)
Access to Inclusion Talks our internal panel discussions
Free global mental health benefits for employees and dependents age 6
Competitive global benefits

Benefits and Growth listed above may vary based on the country of your employment and the nature of your employment with Datadog.

What Youll Do:

Analyze and enhance Datadogs software supply chain security posture including build-pipeline security delivery mechanisms and key and configuration management.
Partner with Senior Engineers in SDLC Security and our product teams to secure our customer facing distribution channels including NPM PyPI and Dockerhub.
Secure the critical PKI and signing infrastructure used to verify customer facing software
Reduce the attack surface of Datadogs client-facing software by mitigating build and supply chain risks.
Build provable integrity mechanisms throughout the entire supply chain working from source management systems out through to node level configuration in Datadogs compute.
Represent Datadog in the open source software supply chain security community.

Who You Are:

Proven track record of designing and coding systems that help secure the software supply chain and SDLC systems and are leveraged by multiple teams.
Track record of successfully driving security initiatives with leadership and engineering buy-in.
Dedication to staying current with the latest security best practices technologies and emerging threats.
You are fluent in one or more modern coding languages (Python Go etc.).
You are able to work closely with engineering and DevOps teams to integrate security seamlessly into the development process.
You are familiar with securing public distribution channels (e.g. PyPI NPM Dockerhub ECR/GCR/ACR registries) and Kubernetes-based development.
You want to work in an environment with exciting challenges and opportunities to make an impact.

Bonus points:

Passionate about building products that engineers love and believe in the true outcome of DevSecOps.
Knowledge in or interest of Generative AI and LLM usage in the security space
Knowledgeable of cryptography protocols such as GPG or TUF and security frameworks such as slsa.
Familiar with continuous security scanning and fine-tuning SAST rules and methodology.

Benefits and Growth:

New hire stock equity (RSUs) and employee stock purchase plan (ESPP)
Continuous professional development product training and career pathing
Intradepartmental mentor and buddy program for in-house networking
An inclusive company culture ability to join our Community Guilds (Datadog employee resource groups)
Access to Inclusion Talks our internal panel discussions
Free global mental health benefits for employees and dependents age 6
Competitive global benefits

Benefits and Growth listed above may vary based on the country of your employment and the nature of your employment with Datadog.