HireHere
Notion

Security Operations Engineer, Detection and Response Team

Notion Remote 1 day ago
security

About Us:

Notion helps you build beautiful tools for your life’s work. In today's world of endless apps and tabs, Notion provides one place for teams to get everything done, seamlessly connecting docs, notes, projects, calendar, and email—with AI built in to find answers and automate work. Millions of users, from individuals to large organizations like Toyota, Figma, and OpenAI, love Notion for its flexibility and choose it because it helps them save time and money.

In-person collaboration is essential to Notion's culture. We require all team members to work from our offices on Mondays and Thursdays, our designated Anchor Days. Certain teams or positions may require additional in-office workdays.

About the Role:

Millions of people rely on Notion to do their most important work. Protecting that trust is foundational to everything we build.

Notion is looking for a Security Operations Analyst to join our Detection and Response team. In this role, you will help monitor, investigate, and respond to security events across Notion’s cloud-native and SaaS-focused environment, while contributing to the continuous improvement of our detection and response capabilities.

This role is well-suited for someone who enjoys hands-on security operations and wants to take on meaningful ownership over investigations, detections, and response workflows over time. You’ll work closely with experienced security engineers and analysts in a collaborative, high-trust environment that values learning, iteration, and operational excellence.

What You'll Achieve:

You will play a key role in protecting Notion’s systems, users, and employees by responding to security events and improving how we detect and respond to threats at scale.

  • Investigate and respond to security alerts end-to-end, including triage, scoping, containment, remediation, and documentation.

  • Participate in a 24/7 on-call rotation, responding to security alerts and incidents as part of a shared team responsibility.

  • Take ownership of specific detections, log sources, or investigation workflows, ensuring their quality, reliability, and ongoing improvement.

  • Contribute to detection development and tuning, identifying gaps, reducing false positives, and improving signal quality across telemetry sources.

  • Support incident response efforts, working with cross-functional partners to investigate and resolve security incidents.

  • Participate in proactive threat hunting, developing hypotheses based on threat intelligence, attacker behavior, and internal telemetry.

  • Analyze and correlate logs across cloud, identity, endpoint, and SaaS platforms to identify suspicious or anomalous behavior.

  • Improve operational processes and documentation, including runbooks, playbooks, and investigation procedures.

Skills You'll Need to Bring:

5+ years of experience in security operations, incident response, detection engineering, or a related security role.

Security Monitoring & Detection

  • Experience triaging and investigating alerts across SIEM, EDR, and cloud-native platforms.

  • Familiarity with detection development and tuning, including rule logic and false-positive reduction.

  • Working knowledge of attacker TTPs and frameworks such as MITRE ATT&CK, and how to detect them using available telemetry.

Incident Response

  • Understanding of the incident response lifecycle, including investigation, containment, eradication, recovery, and lessons learned.

  • Experience supporting real-world security investigations and documenting findings.

  • Ability to collaborate effectively with partners across Security, IT, and Engineering.

Cloud & SaaS Security

  • Familiarity with cloud environments (e.g., AWS, GCP, Azure) and common security risks.

  • Experience investigating identity and access activity in systems such as Okta, Google Workspace, or cloud IAM platforms.

  • Comfort working with logs from diverse sources, including authentication, endpoint, and infrastructure systems.

Collaboration & Communication

  • Clear and thoughtful communicator who can explain technical issues to varied audiences.

  • Strong documentation skills to support consistent, repeatable incident handling.

  • Comfortable working across teams to solve complex security problems.

Nice to Haves:

  • Experience with scripting or automation (e.g., Python, Bash) to streamline investigations or improve analyst workflows.

  • Familiarity with detection logic or query languages such as Sigma, KQL, Splunk SPL, YAML, or YARA.

  • Security certifications such as Security+, GCIH, or equivalent.

  • Exposure to compliance or risk frameworks such as SOC 2 or ISO 27001.

  • Engagement with the security community through open source, blogs, talks, or research.

On-Call & Operations

  • This role participates in a 24/7 on-call rotation as part of the Detection and Response team.

  • On-call responsibilities include investigating alerts, responding to incidents, escalating when appropriate, and following established response procedures.

  • The team continuously works to improve detection quality and operational processes to maintain sustainable on-call practices.

Not Sure If You Meet Every Requirement?

We encourage you to apply even if you don’t meet every qualification. We’re looking for curious, security-minded individuals who are excited about Detection & Response and eager to grow their skills while protecting millions of Notion users.

We hire talented and passionate people from a variety of backgrounds because we want our global employee base to represent the wide diversity of our customers. If you’re excited about a role but your past experience doesn’t align perfectly with every bullet point listed in the job description, we still encourage you to apply. If you’re a builder at heart, share our company values, and enthusiastic about making software toolmaking ubiquitous, we want to hear from you.

Notion is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Notion considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Notion is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please let your recruiter know.

By clicking “Submit Application”, I understand and agree that Notion and its affiliates and subsidiaries will collect and process my information in accordance with Notion’s Global Recruiting Privacy Policy.

#LI-Onsite

Sponsored

Explore Security

All Security Jobs Security Salaries Remote Security Jobs

Skills in this job

Python

People also search for

Security jobs Notion jobs Remote jobs

Similar Jobs

Ramp

Security Analyst | Detection & Response

Ramp

Security
Raya

Senior Threat Detection and Response Engineer - Blue Team

Raya

Security Remote
Alignerr

Incident Response Lead, Cyber Security

Alignerr

Security
Sutherland

DES2 - Security Operations Engineer

Sutherland

Security
ESO

Senior Security Operations Engineer

ESO

Security

More jobs at Notion

Notion

GTM People Partner Lead

Notion

HR
Notion

Business Recruiter - Foundation (G&A)

Notion

HR
Notion

Software Engineer, Primitive Foundations

Notion

Engineering
Notion

Customer Success Manager, Enterprise, DACH

Notion

Support
Notion

Talent Sourcer, APAC

Notion

HR
Report this job
Sign In to Apply