Security Engineer – Detection and Response

Notion

Detection Engineer tasked with building high-quality security detections for Notion's cloud environment. Collaborating with teams on incident response and security improvements.

Posted 6/9/2026 • full-time • San Francisco • California, New York • 🇺🇸 United States • Mid-Level • Senior • 💰 $230,000 - $260,000 per year

Tech Stack

Tools & technologies
AWS, Azure, Cloud, Google Cloud Platform

About the role

Key responsibilities & impact
  • Design and maintain high-signal detections across cloud, identity, endpoints, and SaaS environments.
  • Build and improve the detection platform, including rule lifecycle management, tuning, measurement, and rollout safety.
  • Develop tooling and automation that accelerate triage, enrichment, investigation, and detection authoring, including LLM-based workflows where useful.
  • Translate threat intelligence and adversary TTPs into durable detections, telemetry requirements, and response improvements.
  • Participate in investigations, incident response, and postmortems that drive long-term security improvements.
  • Define and track key metrics such as coverage, MTTD, and alert quality to guide investment decisions.
  • Participate in a shared on-call rotation for incident response.

Requirements

What you’ll need
  • Have 6+ years of experience in detection engineering, security operations, incident response, or threat hunting.
  • Have built and operated production detections with strong signal quality and sustainable tuning processes.
  • Are fluent in one or more detection languages such as Sigma, KQL, SPL, YARA-L, EQL, or Panther.
  • Have an offensive security mindset and have led purple team, blue team, or adversary emulation exercises that improved detections and telemetry.
  • Have strong cloud security experience in AWS, GCP, or Azure, including identity-focused attack detection.
  • Are hands-on with SIEM, EDR, and SOAR platforms in large-scale environments.
  • Communicate clearly through design docs, runbooks, and incident reports, and can drive projects independently.

Benefits

Comp & perks
  • Health insurance
  • Retirement plans
  • Improved work-life balance
  • Professional development opportunities

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
detection engineering, incident response, threat hunting, detection languages, Sigma, KQL, SPL, YARA-L, EQL, Panther
Soft Skills
communication, project management, offensive security mindset, independent work