Security Engineer

Join a technology services organization as a Security Engineer in a full-time role focused on operating code security scanning with emphasis on Secret Scanning using Datadog. This position can be onsite or hybrid/remote as approved. You'll be responsible for identifying exposed credentials, keys, tokens, and other secrets in repositories and pipelines while owning the end-to-end remediation lifecycle including triage, validation, rotation/revocation, replacement with secure patterns, and prevention controls to stop recurrence. Working closely with development teams and the Client Security Advisor, you'll build a repeatable operational model that produces audit-friendly evidence while implementing preventative controls to block secrets from landing in code.

This is an exceptional opportunity for a security engineer who wants to make immediate, measurable impact on application security posture. Unlike traditional security roles focused only on detection, you'll own the complete remediation lifecycle from finding secrets to ensuring they're properly rotated, replaced with secure patterns, and prevented from recurring. The hands-on nature of this role means you'll work directly with engineering teams, gaining deep understanding of CI/CD pipelines, Git workflows, and secure development practices. You'll build automation and runbooks that scale remediation efforts across the organization while establishing SLAs and operational processes for critical exposures. Working with Datadog Code Security provides experience with a leading security platform while developing transferable skills applicable to similar tools like GitHub Advanced Security, Snyk, or SonarQube. The role offers significant technical variety, from configuring scanning tools and triaging findings to writing scripts for automation and implementing policy gates in CI/CD pipelines. You'll partner with the Client Security Advisor to ensure remediation work meets audit requirements, gaining valuable experience in compliance and evidence collection. The position combines security engineering with DevSecOps practices, building expertise in secrets management, cloud identity patterns, and secure SDLC that are highly sought after in the market. With opportunities to implement preventative controls and standardize secure patterns across the organization, you'll drive cultural change toward security-first development practices.

Required Skills & Experience

• 4 years in security engineering, DevSecOps, or application security
• Strong hands-on experience with secrets management including vaults/KMS, rotation practices, and least privilege principles
• Experience with Git workflows and CI/CD pipelines including PRs, build agents, and branching strategies
• Proven experience with remediation in real engineering environments, not just detection
• Ability to write scripts and automation using Python, PowerShell, or Bash for triage, validation, and remediation support
• Strong communication and coordination skills across development teams and operations
• Experience triaging security findings and distinguishing true positives from false positives
• Understanding of credential rotation and revocation processes
• Ability to assess severity based on blast radius, environment exposure, and privilege levels
• Experience implementing secure secret management patterns
  
  

Desired Skills & Experience

• Experience with Datadog Code Security or similar tools such as GitHub Advanced Security, Snyk, SonarQube, or Veracode
• Familiarity with cloud identity and access patterns including Azure AD, managed identities, and key vault integrations
• Knowledge of secure SDLC practices and common application security vulnerability classes
• Experience implementing CI/CD security gates and policy enforcement
• Background in DevSecOps or application security programs
• Understanding of secret injection patterns including environment variables and vault/KMS integrations
• Experience building runbooks and operational documentation
• Familiarity with compliance and audit evidence requirements
• Experience with on-call rotations for security incidents
• Knowledge of container security and cloud-native patterns
  
  

What You Will Be Doing

Tech Breakdown

• 35% Secret Detection and Triage (configuring scanning, validating findings, assessing severity)
• 30% Remediation Execution (credential rotation, secure pattern replacement, verification)
• 20% Prevention and Automation (CI/PR checks, policy gates, scripting, developer guidance)
• 15% Operations and Reporting (runbooks, SLAs, evidence collection, progress tracking)
  
  

Daily Responsibilities

• 45% Hands-On Remediation (rotating credentials, removing secrets, implementing secure patterns)
• 30% Triage and Validation (analyzing findings, assessing severity, coordinating with teams)
• 25% Prevention and Documentation (building controls, automation, runbooks, reporting)
  
  

Posted By: Kaejen Surat