Security Operations Engineer, Detection and Response Team

Dublin, IRL
Hybrid
Senior level
Artificial Intelligence • Productivity • Software
Notion is the AI workspace where teams and AI agents get more done together.
The Role
Join Notion's Detection and Response team as a Security Operations Engineer, focusing on investigating security events and mentoring junior engineers, ensuring operational excellence in security practices.
Summary Generated by Built In
About Us:

Notion helps you build beautiful tools for your life’s work. In today's world of endless apps and tabs, Notion provides one place for teams to get everything done, seamlessly connecting docs, notes, projects, calendar, and email—with AI built in to find answers and automate work. Millions of users, from individuals to large organizations like Toyota, Figma, and OpenAI, love Notion for its flexibility and choose it because it helps them save time and money.

In-person collaboration is essential to Notion's culture. We require all team members to work from our offices on Mondays, Tuesdays, and Thursdays, our designated Anchor Days. Certain teams or positions may require additional in-office workdays.

About The Role:

Notion is looking for a talented Security Engineer with solid communication and analytical skills to help us improve and optimize our security monitoring program. We are seeking someone with a mixture of technical ability and attention to detail who can function comfortably in a variety of cyber security disciplines. In addition to technical acumen and enthusiasm, we need a self-motivator to stay on top of emerging threats and vulnerabilities to Notion, providing a continuous, proactive monitoring approach.

If you're passionate about data privacy and security, understand the security monitoring process, and enjoy designing creative approaches to provide effective security monitoring at scale, this could be just the opportunity you’ve been looking for.

The Notion application is flexible, powerful and always evolving, with a product that needs to scale to meet the needs of many thousands of businesses globally. They rely on us to protect their data and that of their customers.

Notion’s Security team builds and evolves our detection, response, and security automation capabilities to protect our users and data. We proactively monitor, detect, and investigate threats across Notion’s cloud-native environment, ensuring a resilient security posture. We partner closely with Engineering, Infrastructure, and Security leadership to continuously enhance our ability to respond to emerging threats at scale.

What You'll Achieve:

You will design and implement advanced detections, automate security workflows, lead incident investigations, and conduct proactive threat hunts to identify and mitigate risks before they impact Notion. You will work in a highly collaborative team to evolve security defenses, reduce dwell time, and respond to sophisticated adversaries.

  • Lead detection engineering efforts, designing scalable, high-fidelity security detections across cloud, endpoint, and application environments.

  • Develop automation & orchestration solutions to improve response and containment times and enhance security workflows.

  • Own and drive incident response and command, leading major security incidents, containment, and remediation efforts.

  • Conduct proactive threat hunting, leveraging threat intelligence and hypothesis-driven methodologies to detect hidden adversary activity.

  • Reverse-engineer attacks, analyzing adversary behavior and developing robust detection strategies.

  • Continuously improve security defenses, applying lessons learned from incidents, hunting exercises, and emerging threat trends.

Skills You'll Need to Bring:

5+ years of experience in security detection, response, or related fields.

Detection Engineering & Automation
  • Strong ability to write, tune, and optimize detections across various platforms (e.g., EDR, SIEM, network monitoring).

  • Proficiency in scripting and automation (Python, Go, or similar) to enhance detection and response capabilities.

  • Experience with detection rule development (Sigma, YARA, Splunk SPL, KQL) and security event correlation.

Incident Response
  • Deep expertise in the incident response lifecycle, including investigation, containment, remediation, and recovery.

  • Lead security incidents and command response efforts, ensuring rapid containment and mitigation—even in unfamiliar environments and across team boundaries.

  • Lead post-incident learning, conducting blameless postmortems and driving follow-up actions that address systemic issues and prevent recurrence.

Cloud Security
  • Experience securing cloud-native environments (AWS, GCP, or Azure), including detection and response strategies for cloud workloads.

  • Practical knowledge of detecting malicious activity in application and infrastructure architectures in a SaaS environment.

  • Ability to assess security gaps and propose detection & response improvements across cloud and endpoint platforms.

Collaboration & Communication
  • Pragmatic and business-oriented: You focus on high-impact security efforts, balancing security investments with real-world risk.

  • Not ideological about technology: You see technologies and programming languages as tools with tradeoffs—you’re opinionated but adaptable, always willing to learn new technologies.

  • Empathetic communication: You clearly articulate complex security issues, whether in technical discussions or executive briefings. You engage thoughtfully in disagreements and find common ground when needed.

  • Team player: You thrive in a team environment, collaborating cross-functionally to accomplish shared security goals. You care about mentorship, learning, and continuous improvement.

  • You don’t need to be an AI expert, but you’re curious and willing to adopt AI tools to work smarter and deliver better results.

Nice to Haves:
  • Experience leading large-scale security initiatives or driving security automation programs.

  • Background in red teaming, adversary emulation, or offensive security.

  • Familiarity with application-level detections, such as database security monitoring, detecting malicious queries, or abnormal application behavior.

  • Familiarity with security compliance standards (SOC 2, ISO 27001), though not a primary focus.

  • Involvement in the security community, such as conference presentations or open-source contributions.

We hire talented and passionate people from a variety of backgrounds because we want our global employee base to represent the wide diversity of our customers. If you’re excited about a role but your past experience doesn’t align perfectly with every bullet point listed in the job description, we still encourage you to apply. If you’re a builder at heart, share our company values, and are enthusiastic about making software toolmaking ubiquitous, we want to hear from you.

Notion is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Notion considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Notion is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please let your recruiter know.

By clicking “Submit Application”, I understand and agree that Notion and its affiliates and subsidiaries will collect and process my information in accordance with Notion’s Global Recruiting Privacy Policy.


Top Skills

AWS
Azure
Bash
EDR
GCP
KQL
Python
SIEM
Sigma
Splunk SPL
YAML
YARA

The Company
HQ: San Francisco, CA
1,000 Employees
Year Founded: 2016

What We Do

Notion blends your everyday work tools into one. Product roadmap? Company wiki? Meeting notes? With Notion, they're all in one place, and totally customizable to meet the needs of any workflow. It's the all-in-one workspace for you, your team, and your whole company. Mission: We humans are toolmakers by nature, but most of us can't build or modify the software we use every day — arguably our most powerful tool. Here at Notion, we're on a mission to make it possible for everyone to shape the tools that shape their lives.

Why Work With Us

Here at Notion, our work shapes our culture and our culture inspires our work. We seek to hire creative toolmakers that want to be the best in their craft. If every employee is able to focus on being the best toolmaker in their craft, we'll be able to achieve our mission of enabling the world to better solve its problems.

Notion Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Employees work in-person at our offices on Mondays, Tuesdays and Thursdays. The other two days are flexible.

Typical time on-site: 3 days a week
HQ: San Francisco, CA
Dublin, Dublin
Hanyang, KR
Hyderabad, Hyderabad
New York, NY
Tokyo, Tokyo
