Security Engineer, Detection and Response Team

About Us:

We're on a mission to make it possible for every person, team, and company to be able to tailor their software to solve any problem and take on any challenge. Computers may be our most powerful tools, but most of us can't build or modify the software we use on them every day. At Notion, we want to change this with focus, design, and craft.

We've been working on this together since 2016, and have customers like Pixar, Mitsubishi, Figma, Plaid, Match Group, and thousands more on this journey with us. Today, we're growing fast and excited for new teammates to join us who are the best at what they do. We're passionate about building a company as diverse and creative as the millions of people Notion reaches worldwide.

Notion is an in-person company, and currently requires its employees to come to the office for two Anchor Days (Mondays & Thursdays) and requests that employees spend the majority of their week in the office (including a third day).

About The Role:

Millions of people use Notion — and this number is increasing every day. Our users depend on us to deliver a secure and trustworthy experience, and we value this more than anything. We want to keep building on that trust, while also continuing to amaze our users with the tools they can build in Notion. This is where you come in — to help us forge a strong, reliable path forward to the future.

Notion is looking for a talented Security Engineer with solid communication and analytical skills to help us improve and optimize our security monitoring program. We are seeking someone with a mixture of technical ability, attention to detail, and who can function comfortably in a variety of cyber security disciplines. In addition to technical acumen and enthusiasm, we need a self-motivator to stay on top of emerging threats and vulnerabilities to Notion; providing a continuous proactive monitoring approach.

If you're passionate about data privacy and Security, understand the security monitoring process, and enjoy designing creative approaches to provide effective security monitoring at scale. This could be just the opportunity you’ve been looking for.

The Notion application is flexible, powerful and always evolving. With a product that needs to scale to meet the needs of many thousands of businesses globally. They rely on us to protect their data and that of their customers.

Notion’s Security team builds and evolves our detection, response, and security automation capabilities to protect our users and data. We proactively monitor, detect, and investigate threats across Notion’s cloud-native environment, ensuring a resilient security posture. We partner closely with Engineering, Infrastructure, and Security leadership to continuously enhance our ability to respond to emerging threats at scale.

What You'll Achieve:

You will design and implement advanced detections, automate security workflows, lead incident investigations, and conduct proactive threat hunts to identify and mitigate risks before they impact Notion. You will work in a highly collaborative team to evolve security defenses, reduce dwell time, and respond to sophisticated adversaries.

• Lead detection engineering efforts, designing scalable, high-fidelity security detections across cloud, endpoint, and application environments.
• Develop automation & orchestration solutions to improve response and containment times and enhance security workflows.
• Own and drive incident response and command, leading major security incidents, containment, and remediation efforts.
• Conduct proactive threat hunting, leveraging threat intelligence and hypothesis-driven methodologies to detect hidden adversary activity.
• Reverse-engineer attacks, analyzing adversary behavior and developing robust detection strategies.
• Continuously improve security defences, applying lessons learned from incidents, hunting exercises, and emerging threat trends.

Skills You'll Need to Bring:

• 5+ years of experience in security detection, response, or related fields.

Detection Engineering & Automation

• Strong ability to write, tune, and optimise detections across various platforms (e.g., EDR, SIEM, network monitoring).
• Proficiency in scripting and automation (Python, Go, or similar) to enhance detection and response capabilities.
• Experience with detection rule development (Sigma, YARA, Splunk SPL, KQL) and security event correlation.

Incident Response

• Deep expertise in the incident response lifecycle, including investigation, containment, remediation, and recovery.
• Lead security incidents and command response efforts, ensuring rapid containment and mitigation—even in unfamiliar environments and across team boundaries.
• Lead post-incident learning, conducting blameless postmortems and driving follow-up actions that address systemic issues and prevent recurrence.

Cloud Security

• Experience securing cloud-native environments (AWS, GCP, or Azure), including detection and response strategies for cloud workloads.
• Practical knowledge of detecting malicious activity in application and infrastructure architectures in a SaaS environment.
• Ability to assess security gaps and propose detection & response improvements across cloud and endpoint platforms.

Collaboration & Communication

• Pragmatic and business-oriented: You focus on high-impact security efforts, balancing security investments with real-world risk.
• Not ideological about technology: You see technologies and programming languages as tools with tradeoffs—you’re opinionated but adaptable, always willing to learn new technologies.
• Empathetic communication: You clearly articulate complex security issues, whether in technical discussions or executive briefings. You engage thoughtfully in disagreements and find common ground when needed.
• Team player: You thrive in a team environment, collaborating cross-functionally to accomplish shared security goals. You care about mentorship, learning, and continuous improvement.

Nice to Haves:

• Experience leading large-scale security initiatives or driving security automation programs.
• Background in red teaming, adversary emulation, or offensive security.
• Familiarity with application-level detections, such as database security monitoring, detecting malicious queries, or abnormal application behavior.
• Familiarity with security compliance standards (SOC 2, ISO 27001), though not a primary focus.
• Involvement in the security community, such as conference presentations or open-source contributions.

We encourage you to apply even if you don’t meet every single qualification. The right candidate is more than a checklist—we’re looking for curious, security-minded individuals who are excited about Detection & Response. If you’re passionate about security and eager to grow, we’d love to hear from you!

Our customers come from all walks of life and so do we. We hire great people from a wide variety of backgrounds, not just because it's the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Notion.

Notion is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Notion considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Notion is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please let your recruiter know.

By clicking “Submit Application”, I understand and agree that Notion and its affiliates and subsidiaries will collect and process my information in accordance with Notion’s Global Recruiting Privacy Policy.

#LI-Onsite