
Security Operations Engineer, Detection and Response Team

Job Overview

Location

Hyderabad, India

Job Type

Full-time

Category

Security Engineer

Date Posted

March 18, 2026

Full Job Description

📋 Description

  • As a Security Operations Engineer on Notion’s Detection and Response team, you will play a critical role in safeguarding the company’s cloud-native and SaaS environment by monitoring, investigating, and responding to security events, while serving as the technical and operational lead for security operations in the Hyderabad office.
  • You will take ownership of detection and response workflows, mentor junior engineers, and help scale the team’s capabilities through hands-on leadership and continuous improvement of investigative processes, all while contributing to Notion’s mission of building secure, flexible tools for millions of users worldwide.
  • Day-to-day responsibilities include investigating and responding to security alerts end-to-end—from triage and scoping to containment, remediation, and documentation—ensuring timely and accurate resolution of potential threats.
  • You will participate in a 24/7 on-call rotation as part of a shared team responsibility, responding to security incidents in real time and providing guidance to less-experienced responders during high-pressure situations.
  • Ownership of specific detections, log sources, or investigation workflows will be expected, with a focus on maintaining their quality, reliability, and ongoing improvement through tuning and validation.
  • You will contribute to detection development and tuning by identifying gaps, reducing false positives, and improving signal quality across telemetry sources using tools like Sigma, KQL, Splunk SPL, YAML, or YARA.
  • Supporting incident response efforts by collaborating with cross-functional partners in Security, IT, and Engineering to investigate and resolve security incidents will be a key part of your role.
  • Proactive threat hunting based on threat intelligence, attacker behavior (including MITRE ATT&CK TTPs), and internal telemetry will be conducted to uncover hidden threats before they escalate.
  • You will analyze and correlate logs across cloud, identity, endpoint, and SaaS platforms—including AWS, GCP, Azure, Okta, Google Workspace, and infrastructure systems—to detect suspicious or anomalous behavior.
  • Improving operational processes and documentation, such as runbooks, playbooks, and investigation procedures, will enable consistent and scalable execution as the team grows.
  • Hands-on coaching and technical guidance will be provided to junior responders through investigation reviews, pairing, and real-time incident support, fostering a culture of learning and operational excellence.
  • You will mentor and lead an expanded team of security engineers in Hyderabad, including participating in the hiring and onboarding of additional staff, while continuing to operate as a senior individual contributor.
  • Collaboration with global security engineers and analysts in a high-trust, iterative environment will be central to your success, emphasizing knowledge sharing and continuous improvement.

🎯 Requirements

  • 7+ years of experience in security operations, incident response, detection engineering, or a related security role, including demonstrated experience as a technical lead or mentor for other security engineers.
  • Proven experience triaging and investigating alerts across SIEM, EDR, and cloud-native platforms, with familiarity in detection development and tuning to reduce false positives and improve signal quality.
  • Working knowledge of attacker TTPs and frameworks such as MITRE ATT&CK, along with experience using detection logic or query languages like Sigma, KQL, Splunk SPL, YAML, or YARA to build and refine detections.
  • Experience with scripting or automation (e.g., Python, Bash) to streamline investigations, automate repetitive tasks, and improve analyst workflows in a security operations context.
  • Familiarity with cloud environments (AWS, GCP, Azure) and SaaS platforms (e.g., Okta, Google Workspace), including experience investigating identity and access activity and correlating logs from diverse sources such as authentication, endpoint, and infrastructure systems.
  • Strong understanding of the incident response lifecycle—including investigation, containment, eradication, recovery, and lessons learned—with real-world experience supporting security investigations and documenting findings.

🏖️ Benefits

  • Opportunity to work with a globally distributed, high-trust security team that values learning, iteration, and operational excellence in a mission-driven environment.
  • Hybrid work model with required in-office collaboration on Mondays, Tuesdays, and Thursdays (Anchor Days), fostering in-person teamwork and connection.
  • Access to professional growth through mentoring junior engineers, leading team expansion, and shaping detection and response capabilities at scale.
  • Exposure to cutting-edge cloud and SaaS security technologies, including modern SIEM, EDR, and automation tools used in a fast-growing tech environment.
  • Involvement in meaningful security work that protects millions of users and organizations like Toyota, Figma, and OpenAI who rely on Notion for secure collaboration.
  • Support for continuous learning and skill development in threat hunting, detection engineering, and incident response through hands-on projects and peer collaboration.

Skills & Technologies

Python
AWS
Azure
GCP
Splunk
Onsite


About Notion Labs, Inc.

Notion Labs, Inc. develops a unified workspace platform that combines documents, databases, kanban boards, calendars, and wikis. Headquartered in San Francisco, the company offers collaborative tools for teams and individuals to plan, write, organize, and share knowledge. The software integrates with third-party services and supports real-time editing, templates, and permissions management. Founded in 2013, it serves global users across education, technology, and enterprise sectors, aiming to replace fragmented productivity apps with a single, modular environment.
