Datadog is a global SaaS business focused on enabling digital transformation and infrastructure monitoring. They are seeking a Container Runtime Engineer to manage container isolation infrastructure and collaborate with teams to enhance product features while ensuring performance at scale.
Responsibilities:
- Design, implement, and maintain container isolation infrastructure across multi-cloud Kubernetes environments, with primary focus on Kata Containers and microVM technologies
- Achieve performance parity for isolated workloads by resolving disk I/O limitations
- Develop new Kata backends for diverse infrastructure requirements, including potential AWS Nitro Enclaves integration
- Evaluate emerging sandboxing technologies (gVisor, WebAssembly, unikernels) for specific workload requirements
- Collaborate with the upstream Kata Containers project to contribute improvements and influence its roadmap
- Act as subject matter expert on container security isolation, mentoring engineers on isolation best practices
Requirements:
- Strong systems programming background with 4+ years of experience in container runtimes and Linux kernel primitives
- Hands-on experience with container runtime hardening technologies like Kata Containers, gVisor, Firecracker, or similar microVM/sandboxing solutions
- Deep understanding of Linux kernel interfaces: namespaces, cgroups, seccomp, capabilities, LSMs, and virtualization (KVM/QEMU)
- Proficiency in systems programming languages (Go, Rust, or C) with ability to debug low-level code
- Knowledge of container runtime specifications (OCI, CRI) and containerd architecture
- You have a demonstrated ability to use AI coding tools in day-to-day workflows and to validate, critique, and refine AI-generated output
- Upstream contributions to Kata Containers, containerd, gVisor, or related CNCF projects
- Experience with AWS Nitro Enclaves, confidential computing, or hardware security features
- Broad Kubernetes expertise including storage (CSI), networking (CNI), or device management (CDI, NRI)
- Performance tuning for I/O-intensive workloads in virtualized environments
- Technical leadership experience driving architectural decisions in complex systems
- Familiarity with eBPF, GPU passthrough, or specialized hardware device management
- You're motivated to push the boundaries of how AI can improve software engineering best practices and contribute to building AI-enabled products