Notion

Technology

Security Engineer, Detection and Response

$175–245k (AI est.) · San Francisco, California, United States · Full time
Market Sentiment
HIGH DEMAND

Neural analysis suggests this role is optimal for Mid+ candidates.

The Brief

“Security Engineer, Detection and Response at Notion. Skills: Detection engineering, Incident response, Cloud security, Threat intelligence. Design high-signal detections. Maintain high-signal detections”

What You'll Achieve.

Ship high-signal detections; Improve detection platform; Shape detection and response engineering; Identify gaps; Prioritize investments; Build what's needed next; Accelerate triage; Accelerate enrichment; Accelerate investigation; Accelerate detection authoring; Drive long-term security improvements; Guide investment decisions

Industry & Context.

Technology
Problems you'll solve

Root cause analysis

Eligibility Requirements

On-call rotation

What They're Looking For.

Must Have

6+ years experience in detection engineering, 6+ years experience in security operations, 6+ years experience in incident response, 6+ years experience in threat hunting, Built and operated production detections, Fluent in Sigma, Fluent in KQL, Fluent in SPL, Fluent in YARA-L, Fluent in EQL, Fluent in Panther, Offensive security mindset, Cloud security experience in AWS, Cloud security experience in GCP, Cloud security experience in Azure, Hands-on with SIEM, Hands-on with EDR, Hands-on with SOAR platforms

Nice to Have

Experience applying LLMs to security workflows, Experience applying agent-style tooling to security workflows, Experience securing AI-enabled systems, Experience securing endpoint tooling, Kubernetes or container detection experience, Background in threat intelligence, Background in malware analysis, Background in digital forensics, Contributions to detection engineering community

What You'll Do.

Design high-signal detections

Maintain high-signal detections

Build detection platform

Improve detection platform

Accelerate enrichment

Accelerate investigation

Accelerate detection authoring

Translate threat intelligence

Translate adversary TTPs

Participate in investigations

Participate in incident response

Participate in postmortems

Participate in on-call rotation

How You'll Work.

Team & Collaboration

Work closely with Engineering; Work closely with Corporate Security; Work closely with Infrastructure

Communication Scope

Communicate clearly; Design docs; Runbooks; Incident reports

Process & Methodology

Drive projects independently

Full Job Description

WHO WE ARE

Notion is the collaborative AI workspace where teams and agents think together (https://www.youtube.com/watch?v=vkpYpWfEK5s). We're building one place where your knowledge, projects, meetings, and AI tools live side by side, so work is faster, clearer, and less fragmented. Millions of individuals, small teams, and large companies run their work on Notion. Notinos (our employees) are customer zero in bringing this future of work to life.

We care about craft, building things that last, and the belief that great work is still fundamentally human. Our goal isn’t to ship the next feature. Each and every team of Notinos is working to set the standard for how humans work together in the AI era. From building a business’s system of record to making and managing AI agents to automating away the busy work, we care deeply about giving our customers more time for their life’s work.

ABOUT THE ROLE

Millions of people rely on Notion to do their most important work, and protecting that trust is foundational to everything we build. We’re looking for a hands-on Detection Engineer to build and operate the systems and workflows we use to detect and respond to attacks across Notion’s cloud-native environment. You’ll ship high-signal detections, improve the platform that powers them, participate in incident response, and help shape how detection and response engineering scales at Notion.

You’ll work closely with Engineering, Corporate Security, and Infrastructure, with broad latitude to identify gaps, prioritize investments, and build what’s needed next. We view detection and response as a software engineering discipline: detections are code, platforms are products, and measurement matters.

WHAT YOU'LL ACHIEVE

- Design and maintain high-signal detections across cloud, identity, endpoints, and SaaS environments.
- Build and improve the detection platform, including rule lifecycle management, tuning, measurement, and rollout safety.
- Develop tooling and automation that accelerate


How to Apply on Ashby

  • Ashby is a fast modern ATS — most applications take under 3 minutes.
  • The resume parser is strong; verify parsed experience dates and job titles.
  • Custom screening questions are often scored algorithmically — answer completely.
  • Location field affects geo-based screening; use your actual metro area.
