Security Operations Engineer, Detection and Response Team
Notion
ABOUT US
Notion helps you build beautiful tools for your life’s work. In today's world of endless apps and tabs, Notion provides one place for teams to get everything done, seamlessly connecting docs, notes, projects, calendar, and email—with AI built in to find answers and automate work. Millions of users, from individuals to large organizations like Toyota, Figma, and OpenAI, love Notion for its flexibility and choose it because it helps them save time and money.
In-person collaboration is essential to Notion's culture. We require all team members to work from our offices on Mondays, Tuesdays, and Thursdays, our designated Anchor Days. Certain teams or positions may require additional in-office workdays.
ABOUT THE ROLE
Notion is looking for a Security Operations Engineer to join our Detection and Response team. In this role, you will help monitor, investigate, and respond to security events across Notion’s cloud-native and SaaS-focused environment, while serving as the technical and operational lead for Detection and Response in our Hyderabad office.
This role is well-suited for someone who enjoys hands-on security operations and wants to take on meaningful ownership of investigations, detections, and response workflows over time. Over the course of the year, you will mentor and lead an expanded team of security engineers in Hyderabad, which includes the planned hiring and onboarding of additional Security Engineers, while continuing to operate as a senior individual contributor. You’ll work closely with experienced security engineers and analysts globally in a collaborative, high-trust environment that values learning, iteration, and operational excellence.
WHAT YOU’LL ACHIEVE
You will play a key role in protecting Notion’s systems, users, and employees by responding to security events and improving how we detect and respond to threats at scale.
- Investigate and respond to security alerts end-to-end, including triage, scoping, containment, remediation, and documentation.
- Participate in a 24/7 on-call rotation, responding to security alerts and incidents as part of a shared team responsibility.
- Take ownership of specific detections, log sources, or investigation workflows, ensuring their quality, reliability, and ongoing improvement.
- Contribute to detection development and tuning, identifying gaps, reducing false positives, and improving signal quality across telemetry sources.
- Support incident response efforts, working with cross-functional partners to investigate and resolve security incidents.
- Participate in proactive threat hunting, developing hypotheses based on threat intelligence, attacker behavior, and internal telemetry.
- Analyze and correlate logs across cloud, identity, endpoint, and SaaS platforms to identify suspicious or anomalous behavior.
- Improve operational processes and documentation, including runbooks, playbooks, and investigation procedures, to enable consistent execution across a growing