Lead Threat Detection and Response Engineer

Most security teams are still chasing alerts, writing playbooks nobody reads, and drowning in work that should have been automated yesterday. This role exists for the engineer who sees that as a solvable problem.

The Company 

Sendbird is on a mission to build the AI workforce of tomorrow. For over a decade, we built the infrastructure behind conversations—chat, voice, video, messaging APIs—and became the #1 CPaaS platform for in-app communications. 4,000+ brands trust us. 7 billion messages flow through our platform every month. 300 million monthly active users.

We powered conversations for DoorDash, Match Group, Noom, Yahoo Sports, Rakuten, and thousands of others. We were good at what we did. Really good.

We also saw it early: AI would fundamentally reshape how businesses talk to customers. The infrastructure we'd spent a decade building would become commoditized. The value would move up the stack—into intelligence, into experience, into outcomes.

We had a choice: protect what we built, or reinvent ourselves.

We chose reinvention.

In December 2024, we made the full strategic pivot to AI-first customer experience. By February 2025, we'd launched our AI agent for enterprise CX—built on a decade of conversation data, now with intelligence on top. And in November 2025, we rebranded to Delight.ai.

The name says it all. AI's real promise isn't efficiency or cost savings. It's giving customers back something they lost—the feeling of being truly understood and cared for. Not satisfied. Delighted.

The Product 

Delight.ai is the AI concierge for customer experience. Most AI agents forget you the moment the conversation ends. Ours doesn't. Delight.ai builds memory over time, learns preferences, and connects context across every channel—chat, SMS, email, voice, WhatsApp—without losing the thread. We're building AI that makes customers feel understood, seen, and remembered.

Why Lead Threat Detection and Response Engineer

We're moving 7 billion messages a month for 300 million users, and our push deeper into enterprise AI only raises the stakes. The detection and response program here is built on one principle: automate first, manual work last. AI isn't an add-on to that philosophy, it's the engine behind it.

This isn't a maintenance role. We're closing detection gaps, building smarter automations, and engineering the security posture that earns trust from the world's largest brands. If you want to build, not just maintain, the timing is right.

The Role

You'll own the evolution of our threat detection and response program, identifying gaps, engineering scalable controls, and leading the team through complex incidents from triage to resolution. You use AI as a primary tool to get there faster and more systematically. The right person here thinks like an engineer first and a security practitioner always.

You might be this person if:

• You treat manual security work as a design flaw. When you spot it, you fix it with code and AI-powered automation, not process docs
• You stay methodical under pressure. When everyone else is stressed during an incident, you're working the problem
• You think in systems. When something breaks, you're already asking what structural change or automated control prevents the next one
• You've mentored engineers and seen it pay off. You view it as a force multiplier, not overhead
• You can explain a complex threat to an executive and a detection logic flaw to an engineer, and you know exactly which mode to be in
• You follow attacker research out of genuine curiosity, not just professional obligation
• You've run red team exercises and walked away with a prioritized list of things to fix and automate

You need to have:

• Hands-on SIEM experience: building, tuning, and owning detections, not just querying them
• Scripting fluency in Python, Bash, or similar, applied to real security problems including automations, detection pipelines, and log parsing. Comfortable using AI tools to accelerate that work
• Experience leading security projects end-to-end, including mentoring other practitioners
• Meaningful AWS security depth
• A track record of driving inciden