# Security Engineer, Detection and Response

**Company:** [Notion](https://hotfix.jobs/companies/notion)
**Location:** San Francisco, CA, New York, NY
**Role:** Security Engineering
**Salary:** $230k – $260k/yr
**Experience:** 6+ years
**Skills:** Sigma, Kql, Spl, Yara-L, Eql, Panther, SIEM, Edr, Soar, AWS, GCP, Azure, Threat Hunting, Incident Response, Purple Teaming
**Posted:** 2026-06-09

> Build and operate detection systems for cloud, identity, endpoints, and SaaS. Design high-signal detections, improve detection platforms, and participate in incident response.

## Job Description

## What You'll Achieve
- Design and maintain high-signal detections across cloud, identity, endpoints, and SaaS environments.
- Build and improve the detection platform, including rule lifecycle management, tuning, measurement, and rollout safety.
- Develop tooling and automation that accelerate triage, enrichment, investigation, and detection authoring, including LLM-based workflows where useful.
- Translate threat intelligence and adversary TTPs into durable detections, telemetry requirements, and response improvements.
- Participate in investigations, incident response, and postmortems that drive long-term security improvements.
- Define and track key metrics such as coverage, MTTD, and alert quality to guide investment decisions.
- Participate in a shared on-call rotation for incident response.

## Skills You'll Need to Bring
- 6+ years of experience in detection engineering, security operations, incident response, or threat hunting.
- Built and operated production detections with strong signal quality and sustainable tuning processes.
- Fluent in one or more detection languages such as Sigma, KQL, SPL, YARA-L, EQL, or Panther.
- Offensive security mindset with experience leading purple team, blue team, or adversary emulation exercises that improved detections and telemetry.
- Strong cloud security experience in AWS, GCP, or Azure, including identity-focused attack detection.
- Hands-on with SIEM, EDR, and SOAR platforms in large-scale environments.
- Communicate clearly through design docs, runbooks, and incident reports, and can drive projects independently.

## Nice to Have
- Experience applying LLMs or agent-style tooling to security workflows.
- Experience securing AI-enabled systems or endpoint tooling.
- Kubernetes or container detection experience.
- Background in threat intelligence, malware analysis, or digital forensics.
- Contributions to the detection engineering community through research, tooling, or talks.
- Experience at a high-growth startup or AI company.

## Similar roles

- [Senior Engineer, Agentic Identity](https://hotfix.jobs/jobs/854f4cd6-219a-48bf-b2b4-4cdaef0947e3) - Baselayer - San Francisco, CA - $230k – $340k/yr
- [Manager, GRC Subject Matter Experts, Product](https://hotfix.jobs/jobs/36e666cc-cc41-42c2-a93f-0fd3c7363c35) - Vanta - Remote - $230k – $311k/yr
- [Security Engineer - Tech Lead](https://hotfix.jobs/jobs/8cfaaaab-7daf-4731-8dc4-6131fca0e597) - Luma AI - Palo Alto, CA - $230k – $360k/yr
- [Security Architecture Lead](https://hotfix.jobs/jobs/f0fce5f5-9d5e-42ec-ade2-3a5d749ca2f8) - Replit - Foster City, CA - $228k – $363k/yr
- [Senior Security Engineer](https://hotfix.jobs/jobs/62309998-452a-45f9-8dd9-ed880eb50a2d) - Vanta - Remote - $227k – $267k/yr

**Apply:** https://hotfix.jobs/jobs/ad36f4af-adb4-4f56-9cf2-412bc3302227
**Canonical:** https://hotfix.jobs/jobs/ad36f4af-adb4-4f56-9cf2-412bc3302227