Engineering Manager I, Threat Detection

As Engineering Manager for Threat Detection, you will lead a high-performing team that powers Datadog's detection program. Threat Detection is the organization responsible for keeping Datadog ahead of an evolving threat environment: closing coverage gaps faster, raising the bar on signal quality, and shipping detections that hold up under the scale and complexity of cloud-native infrastructure.

Your team will combine direct detection expertise, platform engineering, and applied AI to ship detections at a pace and scale traditional rule-writing alone cannot match. Examples of what your team will work on include detection-authoring agents, the detection platform that powers every rule in production, coverage analysis, alert triage and response automation, and the evaluation infrastructure that holds these systems to a high bar of fidelity. Detection authorship is a shared responsibility across the organization, and your team will contribute both by building the systems that scale our authoring capacity and by writing detections directly when their domain expertise is the right tool.

You will partner closely with our Security Incident & Response Team (SIRT), Cyber Threat Intelligence (CTI), AI Engineering teams, and Datadog's broader Security organization. This is a high-impact leadership role: you will grow a team of security and software engineers responsible for building and executing our detection and AI strategy. At Datadog, we place value in our office culture - the relationships and collaboration it builds and the creativity it brings to the table. We operate as a hybrid workplace to ensure our Datadogs can create a work-life harmony that best fits them.

• →Lead the strategy, roadmap, and execution of Datadog Security's shift to AI-accelerated detection and response.
• →Drive development of high-fidelity detections as a shared responsibility across the organization, ensuring your team's systems and direct contributions raise the bar on coverage and signal quality.
• →Build, mentor, and grow a high-performing team of engineers tackling the hardest problems in threat detection at scale.
• →Partner with sister teams across Threat Detection and the broader Security organization so your team's deliverables integrate reliably with the rest of the program.
• →Define and track program metrics: detection coverage, signal quality, model and agent fidelity, evaluation pass rates, incident response readiness, and your team's measurable contribution to security operations outcomes.
• →Evangelize the team's mission inside and outside the Threat Detection organization, communicating progress, tradeoffs, and bets clearly to security leadership and partner teams.
• →Collaborate with the AI Engineering teams and other internal AI initiatives to build on shared infrastructure where it makes sense and invest in security-specific tooling where it does not.

• You have worked in a security operations, detection engineering, or incident response role, building tooling and performing investigations and responding to incidents.
• Strong understanding of modern threat actor techniques and the detection engineering lifecycle.
• Technically credible, with the ability to review detection logic, code (e.g., Python), and the architecture of security systems (AI-driven or otherwise).
• You have built automation systems for security operations workflows: detection platforms, AI-driven detection capabilities, case triage, investigation, response automation, or analyst tooling.
• You have prior experience at a SaaS or cloud infrastructure company where security scale and complexity are first-order challenges.
• You operate with both rigor and pragmatism on production quality. You know when to ship a useful system, when to invest in further evaluation, and when not to ship at all.
• Experienced people leader with a focus on mentorship, team growth, and inclusion.

• You have led or sponsored threat hunts that drove lasting improvements in detection coverage.
• You have translated security research, threat intelligence, or analyst workflows into engineered systems.
• You have designed or operated detection platforms: SIEM pipelines, detection-as-code workflows, CI/CD for security content, or equivalent.
• You have built observability for detection systems: instrumentation for coverage and drift, false positive analysis, or silent failure detection.
• You have built and shipped agentic or ML systems to production. You understand the full lifecycle (data, training, evaluation, deployment, monitoring) and have led teams through it.
• You have designed safety, guardrails, or human-in-the-loop systems for autonomous AI in security domains.

Datadog values people from all walks of life. We understand not everyone will meet all the above qualifications on day one. That's okay. If you’re passionate about technology and want to grow your skills, we encourage you to apply.

Datadog is the leading observability and security platform for the AI era, providing businesses with unified visibility across the technology stack to manage complexity at scale. It brings applications, infrastructure, data, models, and security into one place, using AI to detect and resolve issues before they impact customers. Trusted globally by Fortune 500 companies and high-growth AI leaders, Datadog enables businesses to move faster with clarity and confidence. Learn more about #DatadogLife on Instagram, LinkedIn, and Datadog Learning Center.

Datadog is proud to offer equal employment opportunity to everyone regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, and other characteristics protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. Here are our Candidate Legal Notices for your reference. 

Datadog endeavors to make our Careers Page accessible to all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please complete this form. This form is for accommodation requests only and cannot be used to inquire about the status of applications. 

Any information you submit to Datadog as part of your application will be processed in accordance with Datadog’s Applicant and Candidate Privacy Notice. For information on our AI policy, please visit Interviewing at Datadog AI Guidelines.