Datadog

Security Analyst - FedRAMP

3+ months ago

Boston, MA / Remote

About Datadog:

We're on a mission to build the best platform in the world for engineers to understand and scale their systems, applications, and teams. We operate at high scale—trillions of data points per day—providing always-on alerting, metrics visualization, logs, and application tracing for tens of thousands of companies. Our engineering culture values pragmatism, honesty, and simplicity to solve hard problems the right way.

The team:

The Federal Programs team supports Datadog’s business within the U.S. Government market by working with engineers to meet FedRAMP and other government-mandated requirements and lead ongoing compliance activities.

The opportunity:

As a Senior Security Analyst for the Federal Programs team, you will lead efforts to respond to U.S. Government regulations and standards, including FedRAMP (NIST 800-53), DISA SRG and STIGs, as applicable. You will provide subject matter expertise for the design, implementation, operations, management, and maintenance of the Datadog product in all aspects of Information Assurance and Information Security as it relates to Datadog’s Federal Programs activities. This includes being able to assess and mitigate system security threats and risks, validate system security requirements, analyze and collaborate on system security designs, verify compliance with system security requirements, manage the complete internal and external assessment and audit lifecycle, testing, and act as a liaison with other departments and business units to support ongoing system security operations and maintenance.

You will:

Support security efforts in pursuit of U.S. Government accreditations (FedRAMP, FISMA, DoD Cloud Catalog).
Synthesize complex customer documents (MSAs, Security Addendums, etc.) into concrete requirements for the Datadog Engineering, Legal and Finance teams.
Document Datadog practices to provide transparency to customers, prospects and other stakeholders.
Communicate directly with Datadog customers, prospects and other stakeholders.
Work across security and engineering teams to design, implement, and monitor security and compliance features.
Support assessment and continuous monitoring and reporting activities.
Design and maintain defensive policies that allow the Datadog security and general engineering teams to move quickly and adapt to an evolving threat landscape.
Serve as a mentor to junior staff, sharing technical depth and understanding of complex information security requirements with others to improve team performance.
Manage ongoing relationships with key third party entities such as the FedRAMP PMO, 3PAO and the AO.

Requirements:

You have a BS (or equivalent experience) and a minimum 5 years of relevant industry experience
You have a proven track record working in security policy, compliance, information security operations or security consulting
You have a strong understanding of cloud services architecture (Amazon Web Services)
You have demonstrable experience designing, supporting, advising, and assessing the implementation of security controls for a FedRAMP authorized system or other system based on NIST 800-53
Demonstrable experience partnering with stakeholder teams to implement standards and procedures that provide business value first while meeting control requirements
You value correctness and efficiency, and leave no stone unturned when reviewing documentation
Exceptional attention to detail
You want to work in a fast paced, high growth environment
Ability to comply with ITAR and GovCloud requirements

Bonus points:

Experience with FedRAMP High and/or DoD Impact Level 4
Experience managing and supporting FedRAMP continuous monitoring activities that require continuous engagement with various parts of the organization and external offices
Relevant Industry Certification (CISSP, CISA, GIAC)
Compliance Certification a big plus (Prior 3PAO, ISO 27001 Lead Auditor/Implementer, QSA)
Knowledge of and experience with the use and configuration of vulnerability scanning tools
You feel comfortable and enjoy talking to highly technical engineering teams
Your writing is beyond reproach
Verbal communication is your cup of tea
Deep exposure to multiple compliance and regulatory regimes (e.g. FedRAMP, GDPR, HIPAA, ISO 27001, PCI DSS, SOC 2)

Equal Opportunity at Datadog:

Datadog is an Affirmative Action and Equal Opportunity Employer and is proud to offer equal employment opportunity to everyone regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, and more. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

Your Privacy:

Any information you submit to Datadog as part of your application will be processed in accordance with Datadog’s Applicant and Candidate Privacy Notice.