Notion

Security Engineer, Detection and Response

San Francisco, California

Found: June 17, 2026

⚠️ This job posting is no longer active and may not be accepting applications. Browse similar live jobs below, or see all current Notion jobs.

Who We Are

Notion is the collaborative AI workspace where teams and agents think together. We're building one place where your knowledge, projects, meetings, and AI tools live side by side, so work is faster, clearer, and less fragmented. Millions of individuals, small teams, and large companies run their work on Notion.

About The Role

We’re looking for a hands-on Detection Engineer to build and operate the systems and workflows we use to detect and respond to attacks across Notion’s cloud-native environment. You’ll ship high-signal detections, improve the platform that powers them, participate in incident response, and help shape how detection and response engineering scales at Notion.

What You'll Achieve

  • Design and maintain high-signal detections across cloud, identity, endpoints, and SaaS environments.
  • Build and improve the detection platform, including rule lifecycle management, tuning, measurement, and rollout safety.
  • Develop tooling and automation that accelerate triage, enrichment, investigation, and detection authoring.
  • Translate threat intelligence and adversary TTPs into durable detections, telemetry requirements, and response improvements.
  • Participate in investigations, incident response, and postmortems that drive long-term security improvements.
  • Define and track key metrics such as coverage, MTTD, and alert quality to guide investment decisions.
  • Participate in a shared on-call rotation for incident response.

Skills You'll Need to Bring

  • Have 6+ years of experience in detection engineering, security operations, incident response, or threat hunting.
  • Have built and operated production detections with strong signal quality and sustainable tuning processes.
  • Are fluent in one or more detection languages such as Sigma, KQL, SPL, YARA-L, EQL, or Panther.
  • Have an offensive security mindset and have led purple team, blue team, or adversary emulation exercises that improved detections and telemetry.
  • Have strong cloud security experience in AWS, GCP, or Azure, including identity-focused attack detection.
  • Are hands-on with SIEM, EDR, and SOAR platforms in large-scale environments.
  • Communicate clearly through design docs, runbooks, and incident reports, and can drive projects independently.

Notion is committed to providing highly competitive cash compensation, equity, and benefits. The compensation offered for this role will be based on multiple factors such as location, the role’s scope and complexity, and the candidate’s experience and expertise, and may vary from the range provided below. For roles based in San Francisco or New York City, the estimated base salary range for this role is $230,000 - $260,000 per year.

Get jobs like this in your inbox daily

Fresh FAANG jobs, every day, filtered for your role and location.

Apple Google Amazon Meta OpenAI Microsoft Nvidia Stripe TikTok Netflix Uber Airbnb Booking Spotify Canva Pinterest
or use email

Similar Big Tech Jobs - Posted in the Past 24h

🔍 Google

Security Engineer, Google Distributed Cloud Air-Gapped Compliance

place Sunnyvale, CA, USA ; Kirkland, WA, USA ; +1 more
🔍 Google

Senior Security Engineer, Agentic Red Team, DeepMind

place Mountain View, CA, USA ; New York, NY, USA ; +1 more
📌 Pinterest

Security Software Engineer II, Detection and Response

San Francisco + 1 other locations

Same role, other locations

📌 Pinterest

Security Software Engineer II, Detection and Response

San Francisco + 1 other locations Remote
👽 Reddit

Senior Security Engineer, AI Security

Remote - United States Remote
Stanislav Prigodich

Hey, I'm Stan

Software Developer & Creator of Top Jobs Today

I'm a software developer, and over time I realized I cared mostly about roles at big tech companies - not just whatever happened to show up on LinkedIn or generic job boards. But those sources weren't enough - some roles were delayed, or never posted at all.

So I built this website to solve that. It scrapes fresh job postings directly from official company sites, figures out what kind of roles they really are, and sends them as email alerts - simple, fast, and focused.

Hope it makes your search easier too. Wishing you the best of luck - and I'm really glad you're here!