Container Runtime Engineer

The Compute Nodes team at Datadog manages the foundational Kubernetes infrastructure that powers our global multi-cloud platform. We're responsible for the entire node layer, from OS and kernel security to GPU infrastructure, storage solutions, and container runtime isolation.

The

Compute Sandboxing

subteam will own the isolation and execution layer, managing runtime diversity and sandboxing technologies that enable secure multi-tenant execution. We're investing heavily in

Kata Containers

to deliver security isolation for running untrusted customer code, while exploring alternative sandboxing approaches (gVisor, WebAssembly) for different use case requirements.

This role directly supports Datadog's strategic investment in safe execution of untrusted customer code in multi-tenant infrastructure

You will collaborate with the Job Platform team to deliver isolation capabilities that enable new product features while maintaining performance at scale.

Key Responsibilities

Design, implement, and maintain container isolation infrastructure across multi-cloud Kubernetes environments, with primary focus on Kata Containers and microVM technologies

Achieve performance parity for isolated workloads by resolving disk I/O limitations

Develop new Kata backends for diverse infrastructure requirements, including potential

AWS Nitro Enclaves

integration

Evaluate emerging sandboxing technologies (

gVisor

,

WebAssembly

,

unikernels

) for specific workload requirements

Collaborate with upstream Kata Containers project to contribute improvements and influence roadmap

Act as subject matter expert on container security isolation, mentoring engineers on isolation best practices

Requirements

Strong systems programming background with 4+ years of experience in container runtimes and Linux kernel primitives

Hands-on experience with container runtime hardening  technologies like Kata Containers, gVisor, Firecracker, or similar microVM/sandboxing solutions

Deep understanding of Linux kernel interfaces: namespaces, cgroups, seccomp, capabilities, LSMs, and virtualization (KVM/QEMU)

Proficiency in systems programming languages (Go, Rust, or C) with ability to debug low-level code

Knowledge of container runtime specifications (OCI, CRI) and containerd architecture

Bonus Points

Upstream contributions to Kata Containers, containerd, gVisor, or related CNCF projects

Experience With Aws Nitro Enclaves, Confidential Computing, Or Hardware Security Features

Broad Kubernetes expertise including storage (CSI), networking (CNI), or device management (CDI, NRI)

Performance tuning for I/O-intensive workloads in virtualized environments

Technical leadership experience driving architectural decisions in complex systems

Familiarity with eBPF, GPU passthrough, or specialized hardware device management

Datadog offers a competitive salary and equity package, and may include variable compensation. Actual compensation is based on factors such as the candidate's skills, qualifications, and experience. In addition, Datadog offers a wide range of best in class, comprehensive and inclusive employee benefits for this role including healthcare, dental, parental planning, and mental health benefits, a 401(k) plan and match, paid time off, fitness reimbursements, and a discounted employee stock purchase plan.

The Reasonably Estimated Yearly Salary For This Role At Datadog Is

$187,000

—

$240,000 USD

About Datadog

Datadog (NASDAQ: DDOG) is a global SaaS business, delivering a rare combination of growth and profitability. We are on a mission to break down silos and solve complexity in the cloud age by enabling digital transformation, cloud migration, and infrastructure monitoring of our customers’ entire technology stacks. Built by engineers, for engineers, Datadog is used by organizations of all sizes across a wide range of industries. Together, we champion professional development, diversity of thought, innovation, and work excellence to empower continuous growth. Join the pack and become part of a collaborative, pragmatic, and thoughtful people-first community where we solve tough problems, take smart risks, and celebrate one another. Learn more about #DatadogLife on

Instagram

,

LinkedIn,

and

Datadog Learning Center.

Equal Opportunity At Datadog

Datadog is proud to offer

Equal Employment Opportunity

to everyone regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, and other characteristics protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. Here are our

Candidate Legal Notices

for your reference.

Datadog endeavors to make our Careers Page accessible to all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please complete

this form

. This form is for accommodation requests only and cannot be used to inquire about the status of applications.

Privacy And Ai Guidelines

Any information you submit to Datadog as part of your application will be processed in accordance with Datadog’s

Applicant and Candidate Privacy Notice

. For information on our AI policy, please visit

Interviewing at Datadog AI Guidelines

.