Security Engineer Detection and Response

Notion

Security Engineer Detection and Response

Reposted 56 Minutes Ago

Be an Early Applicant

2 Locations

Hybrid

230K-260K Annually

Senior level

Artificial Intelligence • Productivity • Software

Notion is the AI workspace where teams and AI agents get more done together.

The Role

Build and operate high-signal detections across cloud identity endpoints and SaaS. Improve detection platforms automation and triage tooling (including LLM-based workflows). Translate threat TTPs into telemetry and detections participate in incident response/on-call track metrics like MTTD and alert quality and drive detection engineering improvements across the org.

Summary Generated by Built In

Who We Are

Notion is the collaborative AI workspace where teams and agents think together. We're building one place where your knowledge projects meetings and AI tools live side by side so work is faster clearer and less fragmented. Millions of individuals small teams and large companies run their work on Notion.

Notinos (our employees) are customer zero in bringing this future of work to life. We care about craft building things that last and the belief that great work is still fundamentally human. Our goal isn’t to ship the next feature. Each and every team of Notinos is working to set the standard for how humans work together in the AI era. From building a business’s system of record to making and managing AI agents to automating away the busy work we care deeply about giving our customers more time for their life’s work.

About The Role

Millions of people rely on Notion to do their most important work and protecting that trust is foundational to everything we build.

We’re looking for a hands-on Detection Engineer to build and operate the systems and workflows we use to detect and respond to attacks across Notion’s cloud-native environment. You’ll ship high-signal detections improve the platform that powers them participate in incident response and help shape how detection and response engineering scales at Notion.

You’ll work closely with Engineering Corporate Security and Infrastructure with broad latitude to identify gaps prioritize investments and build what’s needed next.

We view detection and response as a software engineering discipline: detections are code platforms are products and measurement matters

What You'll Achieve

Design and maintain high-signal detections across cloud identity endpoints and SaaS environments.
Build and improve the detection platform including rule lifecycle management tuning measurement and rollout safety.
Develop tooling and automation that accelerate triage enrichment investigation and detection authoring including LLM-based workflows where useful.
Translate threat intelligence and adversary TTPs into durable detections telemetry requirements and response improvements.
Participate in investigations incident response and postmortems that drive long-term security improvements.
Define and track key metrics such as coverage MTTD and alert quality to guide investment decisions.
Participate in a shared on-call rotation for incident response.

Skills You'll Need to Bring

Have 6+ years of experience in detection engineering security operations incident response or threat hunting.
Have built and operated production detections with strong signal quality and sustainable tuning processes.
Are fluent in one or more detection languages such as Sigma KQL SPL YARA-L EQL or Panther.
Have an offensive security mindset and have led purple team blue team or adversary emulation exercises that improved detections and telemetry.
Have strong cloud security experience in AWS GCP or Azure including identity-focused attack detection.
Are hands-on with SIEM EDR and SOAR platforms in large-scale environments.
Communicate clearly through design docs runbooks and incident reports and can drive projects independently.

Nice to Have

Experience applying LLMs or agent-style tooling to security workflows.
Experience securing AI-enabled systems or endpoint tooling.
Kubernetes or container detection experience.
Background in threat intelligence malware analysis or digital forensics.
Contributions to the detection engineering community through research tooling or talks.
Experience at a high-growth startup or AI company

Notion is committed to providing highly competitive cash compensation equity and benefits. The compensation offered for this role will be based on multiple factors such as location the role’s scope and complexity and the candidate’s experience and expertise and may vary from the range provided below. For roles based in San Francisco or New York City the estimated base salary range for this role is $230000 - $260000 per year.

By clicking “Submit Application” I understand and agree that Notion and its affiliates and subsidiaries will collect and process my information in accordance with Notion’s Global Recruiting Privacy Policy and NYLL 144.

#LI-Onsite

A Note on AI

You don’t need deep AI expertise for every role but we do expect every Notino to be intellectually curious drawn to tinkering and discovery and excited to use AI as a real collaborator in their work. For some roles AI fluency is a core requirement — when that’s the case we'll say so explicitly in the qualifications. People who thrive here don’t treat AI as a novelty. They use it to think better and make their work easier for others to build on.

Equal Opportunity & Accommodations

We hire talented people from a wide range of backgrounds. If you’re excited about this role but don’t meet every bullet we still encourage you to apply. Notion is an equal opportunity employer and does not discriminate on the basis of any legally protected characteristic. Consistent with applicable law we will consider for employment qualified applicants with arrest and conviction records. Notion provides reasonable accommodations during the application process; if you need one please let your recruiter know.

Notion is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race color religion national origin age sex (including pregnancy childbirth or related medical conditions) marital status ancestry physical or mental disability genetic information veteran status gender identity or expression sexual orientation or other applicable legally protected characteristic. Notion considers qualified applicants with criminal histories consistent with applicable federal state and local law. Notion is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability please let your recruiter know.

Skills Required

6+ years of experience in detection engineering security operations incident response or threat hunting.
Built and operated production detections with strong signal quality and sustainable tuning processes.
Fluent in detection languages such as Sigma KQL SPL YARA-L EQL or Panther.
Offensive security mindset and led purple team blue team or adversary emulation exercises.
Strong cloud security experience in AWS GCP or Azure including identity-focused attack detection.
Hands-on with SIEM EDR and SOAR platforms in large-scale environments.
Communicate clearly through design docs runbooks and incident reports; drive projects independently.
Experience applying LLMs or agent-style tooling to security workflows.
Experience securing AI-enabled systems or endpoint tooling.
Kubernetes or container detection experience.
Background in threat intelligence malware analysis or digital forensics.
Contributions to the detection engineering community through research tooling or talks.
Experience at a high-growth startup or AI company.

What the Team is Saying

Notion Compensation & Benefits Highlights

Healthcare Strength—Coverage is described as comprehensive for employees and dependents across medical dental and vision with mental‑health support and EAP included. Some materials indicate fully covered premiums in the U.S. reinforcing strong affordability.
Parental & Family Support—Paid parental leave is provided for biological adoptive and foster parents and employer‑sponsored fertility benefits support treatments and family‑forming services. This breadth signals meaningful support for various paths to parenthood.
Equity Value & Accessibility—Compensation includes equity and a recent liquidity event enabled employees to sell a portion of their shares at a stated valuation. These opportunities increase the practicality of realizing value from stock alongside cash pay.

Learn more about Notion's Compensation & Benefits →

Notion Insights

What's It Like to Work at Notion? Notion Culture & Values Notion Career Growth & Development What's the Work-Life Balance Like at Notion? Notion Leadership & Management Notion Company Growth Stability & Outlook

View all jobs at Notion

View Notion Profile

Report Job

Am I A Good Fit?

beta

Get Personalized Job Insights.

Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company

HQ: San Francisco CA

1000 Employees

Year Founded: 2016

What We Do

Notion blends your everyday work tools into one. Product roadmap? Company wiki? Meeting notes? With Notion they're all in one place and totally customizable to meet the needs of any workflow. It's the all-in-one workspace for you your team and your whole company. Mission: We humans are toolmakers by nature but most of us can't build or modify the software we use every day — arguably our most powerful tool. Here at Notion we're on a mission to make it possible for everyone to shape the tools that shape their lives.

Why Work With Us

Here at Notion our work shapes our culture and our culture inspires our work. We seek to hire creative toolmakers that want to be the best in their craft. If every employee is able to focus on being the best toolmaker in their craft we'll be able to achieve our mission of enabling the world to better solve its problems.