Lead Threat Detection and Response Engineer

Most security teams are still chasing alerts, writing playbooks nobody reads, and drowning in work that should have been automated yesterday. This role exists for the engineer who sees that as a solvable problem.

The Company 

Sendbird is on a mission to build the AI workforce of tomorrow. For over a decade, we built the infrastructure behind conversations—chat, voice, video, messaging APIs—and became the #1 CPaaS platform for in-app communications. 4,000+ brands trust us. 7 billion messages flow through our platform every month. 300 million monthly active users.

We powered conversations for DoorDash, Match Group, Noom, Yahoo Sports, Rakuten, and thousands of others. We were good at what we did. Really good.

We also saw it early: AI would fundamentally reshape how businesses talk to customers. The infrastructure we'd spent a decade building would become commoditized. The value would move up the stack—into intelligence, into experience, into outcomes.

We had a choice: protect what we built, or reinvent ourselves.

We chose reinvention.

In December 2024, we made the full strategic pivot to AI-first customer experience. By February 2025, we'd launched our AI agent for enterprise CX—built on a decade of conversation data, now with intelligence on top. And in November 2025, we rebranded to Delight.ai.

The name says it all. AI's real promise isn't efficiency or cost savings. It's giving customers back something they lost—the feeling of being truly understood and cared for. Not satisfied. Delighted.

The Product 

Delight.ai is the AI concierge for customer experience. Most AI agents forget you the moment the conversation ends. Ours doesn't. Delight.ai builds memory over time, learns preferences, and connects context across every channel—chat, SMS, email, voice, WhatsApp—without losing the thread. We're building AI that makes customers feel understood, seen, and remembered.

Why Lead Threat Detection and Response Engineer

We're moving 7 billion messages a month for 300 million users, and our push deeper into enterprise AI only raises the stakes. The detection and response program here is built on one principle: automate first, manual work last. AI isn't an add-on to that philosophy, it's the engine behind it.

This isn't a maintenance role. We're closing detection gaps, building smarter automations, and engineering the security posture that earns trust from the world's largest brands. If you want to build, not just maintain, the timing is right.

The Role

You'll own the evolution of our threat detection and response program, identifying gaps, engineering scalable controls, and leading the team through complex incidents from triage to resolution. You use AI as a primary tool to get there faster and more systematically. The right person here thinks like an engineer first and a security practitioner always.

You might be this person if:

• You treat manual security work as a design flaw. When you spot it, you fix it with code and AI-powered automation, not process docs
• You stay methodical under pressure. When everyone else is stressed during an incident, you're working the problem
• You think in systems. When something breaks, you're already asking what structural change or automated control prevents the next one
• You've mentored engineers and seen it pay off. You view it as a force multiplier, not overhead
• You can explain a complex threat to an executive and a detection logic flaw to an engineer, and you know exactly which mode to be in
• You follow attacker research out of genuine curiosity, not just professional obligation
• You've run red team exercises and walked away with a prioritized list of things to fix and automate

You need to have:

• Hands-on SIEM experience: building, tuning, and owning detections, not just querying them
• Scripting fluency in Python, Bash, or similar, applied to real security problems including automations, detection pipelines, and log parsing. Comfortable using AI tools to accelerate that work
• Experience leading security projects end-to-end, including mentoring other practitioners
• Meaningful AWS security depth
• A track record of driving incident resolution, coordinating across teams, identifying root causes, and closing the loop

What you'll actually do:

• Analyze detection gaps and close them with engineered controls, using AI-assisted tooling to surface patterns and prioritize risks faster
• Build and deploy detections using real software engineering practices: CI/CD pipelines, version control, testing, and validation, with AI tools woven into the development workflow
• Lead incident response from triage through root cause analysis and systematic remediation. Build automations that reduce time-to-response on recurring incident types
• Write and continuously improve incident response playbooks that people actually follow. Use AI to identify gaps, flag drift, and keep them current
• Research emerging attack techniques and translate findings into new detections, using AI tools to accelerate threat modeling and detection drafting
• Run internal red team exercises and tabletop simulations to stress-test controls before attackers do
• Partner with engineering, infrastructure, and product teams to raise Sendbird's overall security posture
• Mentor security team members by reviewing their work, unblocking them, and helping them use AI tools effectively in their day-to-day

Added Value:

• Experience presenting at security conferences or contributing to open source security tooling
• Background in building internal security tools from scratch, including AI-assisted or agentic tooling
• Experience running major security incidents end-to-end as incident commander

Our US benefits include (but are not limited to)

• 20 days PTO, 13 paid US company holidays, 7 sick days, 1 volunteer day, plus 2 rest/rejuvenation days and birthday day off
• Company subsidized medical, dental, vision insurance
• Flexible Spending Accounts
• Parental leave 
• Life and disability insurance
• Be Your Best Self: An annual stipend of $3,500 (prorated after 3 months) for expenses ranging from professional development classes and training, to personality assessments, gym memberships, books, fitness classes, mental health services and massages

Pay Transparency

For cash compensation, we set standard ranges for all roles based on function, level, and geographic location.  To determine our ranges, we utilize a variety of compensation data benchmarked against similar-stage growth companies.   A reasonable estimate of the current salary range for this role is $225,000 - $260,000.  This range is specific to the San Francisco Bay market.  We consider several factors when making final compensation decisions including, but not limited to, skill sets, experience and training, licensure and certifications, and other business and organizational needs which may cause your specific offer to vary from the amount listed above.

Flexible Work Policy

We offer a flexible work schedule at Sendbird.  We also value collaboration and relationship building.  With those values in mind, we require all employees within an hour's commute range of their local office to gather with their team in the office three days per week as a minimum.  Some of our roles require a more frequent in-office schedule.  Please work with your manager to understand the office time requirements for your position.

What diversity and inclusion mean to us

There is no such thing as a perfect candidate and the best employees come from a wide range of backgrounds, experiences, and skill sets. Sendbird is a place where everyone can learn and grow. We respect, promote, and encourage diversity for equal employment opportunities and encourage you to apply if this role excites you.

Why Sendbird

This is a genuine reinvention, not a rebrand. The security team here has real influence over how we build and real ownership over outcomes. If you want to work on a problem that matters at a company moving fast enough for your work to actually land, this is the place.