Jobs · Information Technology · California

Security Engineer, Detection and Response

Fresh Ventures · San Francisco, CA · Today
On-siteInformation Technology$230k–$260k/yrFull-time

About the role

Millions of people rely on Notion to do their most important work, and protecting that trust is foundational to everything we build. We’re looking for a hands-on Detection Engineer to build and operate the systems and workflows we use to detect and respond to attacks across Notion’s cloud-native environment.

Responsibilities

  • Design and maintain high-signal detections across cloud, identity, endpoints, and SaaS environments.
  • Build and improve the detection platform, including rule lifecycle management, tuning, measurement, and rollout safety.
  • Develop tooling and automation that accelerate triage, enrichment, investigation, and detection authoring, including LLM-based workflows where useful.
  • Translate threat intelligence and adversary TTPs into durable detections, telemetry requirements, and response improvements.
  • Participate in investigations, incident response, and postmortems that drive long-term security improvements.
  • Define and track key metrics such as coverage, MTTD, and alert quality to guide investment decisions.
  • Participate in a shared on-call rotation for incident response.

Requirements

  • Have 6+ years of experience in detection engineering, security operations, incident response, or threat hunting.
  • Have built and operated production detections with strong signal quality and sustainable tuning processes.
  • Be fluent in one or more detection languages such as Sigma, KQL, SPL, YARA-L, EQL, or Panther.
  • Have an offensive security mindset and have led purple team, blue team, or adversary emulation exercises that improved detections and telemetry.
  • Have strong cloud security experience in AWS, GCP, or Azure, including identity-focused attack detection.
  • Be hands-on with SIEM, EDR, and SOAR platforms in large-scale environments.
  • Communicate clearly through design docs, runbooks, and incident reports, and can drive projects independently.

Skills

  • Have 6+ years of experience in detection engineering, security operations, incident response, or threat hunting.
  • Have built and operated production detections with strong signal quality and sustainable tuning processes.
  • Be fluent in one or more detection languages such as Sigma, KQL, SPL, YARA-L, EQL, or Panther.
  • Have an offensive security mindset and have led purple team, blue team, or adversary emulation exercises that improved detections and telemetry.
  • Have strong cloud security experience in AWS, GCP, or Azure, including identity-focused attack detection.
  • Be hands-on with SIEM, EDR, and SOAR platforms in large-scale environments.
  • Communicate clearly through design docs, runbooks, and incident reports, and can drive projects independently.

Nice to Have

  • Experience applying LLMs or agent-style tooling to security workflows.
  • Experience securing AI-enabled systems or endpoint tooling.
  • Kubernetes or container detection experience.
  • Background in threat intelligence, malware analysis, or digital forensics.
  • Contributions to the detection engineering community through research, tooling, or talks.
  • Experience at a high-growth startup or AI company.

Similar jobs