Engineering Manager I, Threat Detection

Datadog Datadog · Enterprise · New York, NY · Security

Engineering Manager for Threat Detection at Datadog, leading a team focused on AI-accelerated threat detection. The role involves strategy, roadmap, and execution for AI-driven detections, building and mentoring engineers, and partnering with security and AI teams. Key responsibilities include developing detection-authoring agents, the detection platform, and evaluation infrastructure, while also shipping direct detections. The role requires experience in security operations, building automation systems, and leading teams, with a focus on production quality and AI/ML systems lifecycle.

What you'd actually do

  1. Lead the strategy, roadmap, and execution of Datadog Security's shift to AI-accelerated detection and response.
  2. Drive development of high-fidelity detections as a shared responsibility across the organization, ensuring your team's systems and direct contributions raise the bar on coverage and signal quality.
  3. Build, mentor, and grow a high-performing team of engineers tackling the hardest problems in threat detection at scale.
  4. Partner with sister teams across Threat Detection and the broader Security organization so your team's deliverables integrate reliably with the rest of the program.
  5. Define and track program metrics: detection coverage, signal quality, model and agent fidelity, evaluation pass rates, incident response readiness, and your team's measurable contribution to security operations outcomes.

Skills

Required

  • Security operations, detection engineering, or incident response experience
  • Building automation systems for security operations workflows
  • Understanding of modern threat actor techniques and detection engineering lifecycle
  • Technical credibility with detection logic, code (e.g., Python), and security systems architecture
  • Experience at a SaaS or cloud infrastructure company
  • People leadership, mentorship, team growth, and inclusion

Nice to have

  • Led or sponsored threat hunts
  • Translated security research, threat intelligence, or analyst workflows into engineered systems
  • Designed or operated detection platforms (SIEM pipelines, detection-as-code, CI/CD for security content)
  • Built observability for detection systems
  • Designed safety, guardrails, or human-in-the-loop systems for autonomous AI in security domains

What the JD emphasized

  • AI-accelerated detection and response
  • detection-authoring agents
  • AI Engineering teams
  • ML systems to production
  • agentic or ML systems to production

Other signals

  • AI-accelerated detection and response
  • detection-authoring agents
  • AI Engineering teams
  • ML systems to production