Role Overview
Notion is hiring a senior-level Security Engineer, Detection and Response. This is a full-time remote role, with the team based in San Francisco, California. Part of Notion's Lifecycle hiring. Full responsibilities, required qualifications, and the apply link are listed in the description below.
Salary Context
Salary is not disclosed in this posting. Market median for Senior-level Lifecycle roles is $130k-$184k (based on 34 comparable listings). Many employers share specifics during the interview process or after an initial screen.
Resume Keywords to Include
Make sure these keywords appear in your resume to improve ATS scoring
Job description
WHO WE ARE
Notion is the collaborative AI workspace where teams and agents think together https://www.youtube.com/watch?v=vkpYpWfEK5s. We're building one place where your knowledge, projects, meetings, and AI tools live side by side, so work is faster, clearer, and less fragmented. Millions of individuals, small teams, and large companies run their work on Notion.
Notinos (our employees) are customer zero in bringing this future of work to life. We care about craft, building things that last, and the belief that great work is still fundamentally human. Our goal isn’t to ship the next feature. Each and every team of Notinos is working to set the standard for how humans work together in the AI era. From building a business’s system of record to making and managing AI agents to automating away the busy work, we care deeply about giving our customers more time for their life’s work.
ABOUT THE ROLE
Millions of people rely on Notion to do their most important work, and protecting that trust is foundational to everything we build.
We’re looking for a hands-on Detection Engineer to build and operate the systems and workflows we use to detect and respond to attacks across Notion’s cloud-native environment. You’ll ship high-signal detections, improve the platform that powers them, participate in incident response, and help shape how detection and response engineering scales at Notion.
You’ll work closely with Engineering, Corporate Security, and Infrastructure, with broad latitude to identify gaps, prioritize investments, and build what’s needed next.
We view detection and response as a software engineering discipline: detections are code, platforms are products, and measurement matters
WHAT YOU'LL ACHIEVE
- Design and maintain high-signal detections across cloud, identity, endpoints, and SaaS environments.
- Build and improve the detection platform, including rule lifecycle management, tuning, measurement, and rollout safety.
- Develop tooling and automation that accelerate triage, enrichment, investigation, and detection authoring, including LLM-based workflows where useful.
- Translate threat intelligence and adversary TTPs into durable detections, telemetry requirements, and response improvements.
- Participate in investigations, incident response, and postmortems that drive long-term security improvements.
- Define and track key metrics such as coverage, MTTD, and alert quality to guide investment decisions.
- Participate in a shared on-call rotation for incident response.
SKILLS YOU'LL NEED TO BRING
- Have 6+ years of experience in detection engineering, security operations, incident response, or threat hunting.
- Have built and operated production detections with strong signal quality and sustainable tuning processes.
- Are fluent in one or more detection languages such as Sigma, KQL, SPL, YARA-L, EQL, or Panther.
- Have an offensive security mindset and have led purple team, blue team, or adversary emulation exercises that improved detections and telemetry.
- Have strong cloud security experience in AWS, GCP, or Azure, including identity-focused attack detection.
- Are hands-on with SIEM, EDR, and SOAR platforms in large-scale environments.
- Communicate clearly through design docs, runbooks, and incident reports, and can drive projects independently.
NICE TO HAVE
- Experience applying LLMs or agent-style tooling to security workflows.
- Experience securing AI-enabled systems or endpoint tooling.
- Kubernetes or container detection experience.
- Background in threat intelligence, malware analysis, or digital forensics.
- Contributions to the detection engineering community through research, tooling, or talks.
- Experience at a high-growth startup or AI company
Notion is committed to providing highly competitive cash compensation, equity, and benefits. The compensation offered for this role will be based on multiple factors such as location, the role’s scope and complexity, and the candidate’s experience and expertise, and may vary from the range provided below. For roles based in San Francisco or New York City, the estimated base salary range for this role is $230,000 - $260,000 per year.
By clicking “Submit Application”, I understand and agree that Notion and its affiliates and subsidiaries will collect and process my information in accordance with Notion’s Global Recruiting Privacy Policy https://notion.notion.site/Notion-Global-Recruiting-Privacy-Policy-fc3eb4e829354a26a2bb6fd5e289b550?pvs=74 and NYLL 144 https://notion.notion.site/Ashby-AI-Bias-Audit-2b0efdeead05803bbbfae159ec86c528.
#LI-Onsite
A NOTE ON AI
You don’t need deep AI expertise for every role, but we do expect every Notino to be intellectually curious, drawn to tinkering and discovery, and excited to use AI as a real collaborator in their work. For some roles, AI fluency is a core requirement — when that’s the case, we'll say so explicitly in the qualifications. People who thrive here don’t treat AI as a novelty. They use it to think better, and make their work easier for others to build on.
EQUAL OPPORTUNITY & ACCOMMODATIONS
We hire talented people from a wide range of backgrounds. If you’re excited about this role but don’t meet every bullet, we still encourage you to apply. Notion is an equal opportunity employer and does not discriminate on the basis of any legally protected characteristic. Consistent with applicable law, we will consider for employment qualified applicants with arrest and conviction records. Notion provides reasonable accommodations during the application process; if you need one, please let your recruiter know.
Notion is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Notion considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Notion is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please let your recruiter know.
About Notion
Notion
notion.com
68 other open roles at Notion on TryApplyNow.
Frequently Asked Questions
How do I apply for the Security Engineer, Detection and Response position at Notion?
Use the Apply button above to submit your application directly to Notion. Most applications take less than 5 minutes if your resume and contact details are ready, and you'll be routed to the employer's official application system to finish.
Is the Security Engineer, Detection and Response role at Notion remote?
Yes. This is a remote role. The team is based in San Francisco, California, but the position itself does not require relocating to that office.
What does a Security Engineer, Detection and Response at Notion earn?
Notion has not disclosed a salary range in this posting. Many employers share specifics later in the interview process; you can also ask during a recruiter screen if compensation transparency is important to you.
When was the Security Engineer, Detection and Response role at Notion posted?
This role was posted on June 10, 2026 (30 days ago). It's still listed as actively hiring; we re-confirm openings against the source system multiple times per day and remove closed roles.
How much experience does the Security Engineer, Detection and Response role at Notion require?
This is a senior-level position. Most senior roles call for 5+ years of directly relevant experience. Notion lists their specific requirements in the description below, so review the must-have qualifications closely before applying.
Similar Jobs
More Jobs at Notion
View all →Startup Market Lead, AMER
Notion
Product Marketing Manager, Core Product
Notion
Revenue Transformation Analyst
Notion
Recruiting Program Manager
Notion
Technical Recruiter, Early Career
Notion
AI-powered job search
Get every job scored to your resume
Upload your resume and get jobs ranked, your resume tailored, and employee contacts found automatically.
Get started freeNo credit card to start