Skip to main content

notion

Security Engineer, Detection and Response

San Francisco, California (Remote)fulltimemid

About this role

Notion seeks an experienced Detection Engineer to build and operate security detection systems protecting millions of users in their cloud-native environment. You'll design high-signal detections, improve detection platforms, develop automation tooling, and participate in incident response while working cross-functionally with engineering and infrastructure teams.

What you'll do

  • Design and maintain detections across cloud, identity, endpoints, and SaaS environments with strong signal quality
  • Build and improve detection platforms including rule lifecycle management, tuning, and safe rollouts
  • Develop tooling and automation for triage, investigation, and detection authoring using modern approaches
  • Convert threat intelligence and adversary tactics into durable detections and telemetry requirements
  • Participate in incident investigations, response, and postmortems to drive security improvements
  • Define and track key metrics like coverage, MTTD, and alert quality to guide investment decisions

What they're looking for

  • 6+ years in detection engineering, security operations, incident response, or threat hunting
  • Proficiency in detection languages such as Sigma, KQL, SPL, YARA-L, EQL, or Panther
  • Strong cloud security experience in AWS, GCP, or Azure including identity-focused attack detection
  • Hands-on experience with SIEM, EDR, and SOAR platforms at scale
  • Offensive security mindset with experience leading purple team or adversary emulation exercises
  • Experience building and operating production detections with sustainable tuning processes
  • Clear communication through technical documentation, runbooks, and incident reports
  • Ability to independently drive projects and identify security gaps

Benefits

  • Competitive base salary range of $230,000 - $260,000 per year (San Francisco/NYC)
  • Equity compensation
  • Highly competitive benefits package
  • On-call incident response rotation
  • Cross-functional collaboration with engineering and infrastructure teams
  • Opportunity to work on AI-enabled security systems at a high-growth company
Apply on the employer's site

Opens the official application on the employer’s site. No login required.