About Betterment
Betterment is a leading, technology-driven financial services company that offers investing, savings and retirement solutions for retail investors and investment advisors as well as financial wellness solutions, including a 401(k) for small and medium-sized businesses. Our team is passionate about our mission, to empower people to build wealth with confidence and ease. We’re headquartered in NYC and offer hybrid NY-based positions (four days/week in-office, with no required office days during the summer and winter holidays).
About the Role
Betterment's mission is to make people's lives better through smarter financial tools, and protecting that trust is where security comes in. As Engineering Manager of Detection Engineering, you'll lead the team responsible for building and operating Betterment's security detection capabilities. You'll own the strategy and execution for how we detect threats across our cloud infrastructure, SaaS ecosystem, and product, giving your team the direction and support they need to do their best work.
You'll partner closely with Security Engineering, IT, Risk, and Engineering leadership to mature our detection program, balancing the delivery of new capabilities with the operational rigor our customers and business depend on. You'll be a hands-on leader who can go deep on the work while also driving the roadmap, growing your team, and translating security priorities into engineering outcomes.
This role is based out of our NYC office. Below we've reflected the base salary range for this position. Actual salaries may vary depending on factors including but not limited to location, experience, and performance. The range listed is just one component of Betterment’s total compensation package for employees.
- New York City: $175,000 - $215,000
This job may also be eligible for variable compensation in the form of a company incentive bonus.
A Day in the Life:
- Detection Program Strategy: Help own, drive, and execute the Detection Engineering roadmap, balancing new capability development with the operational health of existing systems, including driving threat-informed, TTP-aligned detection development across the team.
- Detection Quality: Work with engineers and the business to maintain and refine the measurement framework for detection health, coverage, precision, false positive rates, and safe rollout practices, holding the team to a continuously improving bar.
- Threat Modeling: Set expectations for how the team engages with engineering and infrastructure partners on new systems, ensuring D&R requirements (telemetry, threat models, response playbooks) are defined before systems ship.
- Incident Response Leadership: Lead or oversee the team's response to security incidents, ensuring clear ownership, fast time-to-contain, and strong post-incident review practices.
- Team Leadership: Lead, mentor, and grow a team of detection engineers, investing in their craft and careers.
- External SOC Partnership: Partner with our external SOC to define scope, improve triage quality, and identify opportunities to hand off well-defined alert handling.
- Cross-functional Collaboration: Collaborate with IT, Risk, Compliance, and the broader Security Engineering team to understand security priorities and translate them into engineering work. Represent Detection Engineering across the organization, making security work legible to non-security teams and building strong stakeholder relationships.
- Engineering Quality: Hold a high bar for engineering quality, automated testing, proper observability, documented runbooks, and maintainable code.
- Compliance: Lead the team through audits (SOC 2, ISO 27001, etc.), ensuring detection infrastructure supports compliance evidence and control requirements.
What We're Looking For:
We are seeking a team member with 7+ years in security engineering or operations, with 2+ years managing security or detection engineering teams including senior engineers.
- Player-Coach: A track record as a true player-coach, comfortable going deep on technical problems while also leading people and programs.
- Detection Expertise: Strong background in SIEM platforms (Splunk preferred), detection-as-code practices, and threat-informed detection development including familiarity with adversary TTPs and frameworks like MITRE ATT&CK.
- Incident Response: Experience leading or overseeing incident response, including establishing IR playbooks and driving post-incident review practices.
- External SOC: Experience working with or managing an external SOC, including defining escalation paths and performance expectations.
- Cloud & Tooling: Familiarity with cloud environments (AWS), endpoint security (CrowdStrike or similar), and identity platforms (Okta or similar).
- Engineering Quality: Passion for engineering quality; you hold the team to the same standards as any product engineering team.
- Compliance: Experience collaborating with Compliance, Risk, and Audit teams on security controls and evidence collection.
- Communication: Clear, direct communicator who can translate security context for technical and non-technical audiences alike.
Join a team built on these core values
We change lives
Be a part of a community of i
This role is sourced from Betterment's public careers feed.