Security Engineer, Detection and Response

Protecting Notion's cloud-native environment from attacks by building and operating detection systems.

• •Protecting Notion's cloud-native environment from attacks by building and operating detection systems.
• •Key Responsibilities Design and maintain high-signal detections across cloud, identity, endpoints, and SaaS environments.
• •Build and improve the detection platform, including rule lifecycle management, tuning, measurement, and rollout safety.
• •Develop tooling and automation that accelerate triage, enrichment, investigation, and detection authoring.
• •Translate threat intelligence and adversary TTPs into durable detections, telemetry requirements, and response improvements.
• •Participate in investigations, incident response, and postmortems that drive long-term security improvements.
• •Requirements 6+ years of experience in detection engineering, security operations, incident response, or threat hunting.
• •Fluent in one or more detection languages such as Sigma, KQL, SPL, YARA-L, EQL, or Panther.
• •Strong cloud security experience in AWS, GCP, or Azure, including identity-focused attack detection.
• •Hands-on with SIEM, EDR, and SOAR platforms in large-scale environments.