Security Operations Engineer, Detection And Response Team (Hyderabad)

About Us Notion helps you build beautiful tools for your life s work In today s world of endless apps and tabs Notion provides one place for teams to get everything done seamlessly connecting docs notes projects calendar and email-with AI built in to find answers and automate work Millions of users from individuals to large organizations like Toyota Figma and OpenAI love Notion for its flexibility and choose it because it helps them save time and money In-person collaboration is essential to Notion s culture We require all team members to work from our offices on Mondays and Thursdays our designated Anchor Days Certain teams or positions may require additional in-office workdays About the Role Millions of people rely on Notion to do their most significant work Protecting that trust is foundational to everything we build Notion is looking for a Security Operations Analyst to join our Detection and Response team In this role you will help monitor investigate and respond to security events across Notion s cloud-native and SaaS-focused environment while contributing to the continuous improvement of our detection and response capabilities This role is well-suited for someone who enjoys hands-on security operations and wants to take on meaningful ownership over investigations detections and response workflows over time You ll work closely with experienced security engineers and analysts in a collaborative high-trust environment that values learning iteration and operational excellence What You ll Achieve You will play a key role in protecting Notion s systems users and employees by responding to security events and improving how we detect and respond to threats at scale Investigate and respond to security alerts end-to-end including triage scoping containment remediation and documentation Participate in a 24 7 on-call rotation responding to security alerts and incidents as part of a shared team responsibility Take ownership of specific detections log sources or investigation workflows ensuring their quality reliability and ongoing improvement Contribute to detection development and tuning identifying gaps reducing false positives and improving signal quality across telemetry sources Support incident response efforts working with cross-functional partners to investigate and resolve security incidents Participate in proactive threat hunting developing hypotheses based on threat intelligence attacker behavior and internal telemetry Analyze and correlate logs across cloud identity endpoint and SaaS platforms to identify suspicious or anomalous behavior Improve operational processes and documentation including runbooks playbooks and investigation procedures Skills You ll Need to Bring 5 years of experience in security operations incident response detection engineering or a related security role Security Monitoring Detection Experience triaging and investigating alerts across SIEM EDR and cloud-native platforms Familiarity with detection development and tuning including rule logic and false-positive reduction Working knowledge of attacker TTPs and frameworks such as MITRE ATT CK and how to detect them using available telemetry Incident Response Understanding of the incident response lifecycle including investigation containment eradication recovery and lessons learned Experience supporting real-world security investigations and documenting findings Ability to collaborate effectively with partners across Security IT and Engineering Cloud SaaS Security Familiarity with cloud environments e g AWS GCP Azure and common security risks Experience investigating identity and access activity in systems such as Okta Google Workspace or cloud IAM platforms Comfort working with logs from diverse sources including authentication endpoint and infrastructure systems Collaboration Communication Clear and thoughtful communicator who can explain technical issues to varied audiences Strong documentation skills to support consistent repeatable incident handling Comfortable working across teams to solve complex security problems Nice to Haves Experience with scripting or automation e g Python Bash to streamline investigations or improve analyst workflows Familiarity with detection logic or query languages such as Sigma KQL Splunk SPL YAML or YARA Security certifications such as Security GCIH or equivalent Exposure to compliance or risk frameworks such as SOC 2 or ISO 27001 Engagement with the security community through open source blogs talks or research On-Call Operations This role participates in a 24 7 on-call rotation as part of the Detection and Response team On-call responsibilities include investigating alerts responding to incidents escalating when appropriate and following established response procedures The team continuously works to improve detection quality and operational processes to maintain sustainable on-call practices Not Sure If You Meet Every Requirement We encourage you to apply even if you don t meet every qualification We re looking for curious security-minded individuals who are excited about Detection Response and eager to grow their skills while protecting millions of Notion users We hire talented and passionate people from a variety of backgrounds because we want our global employee base to represent the wide diversity of our customers If you re excited about a role but your past experience doesn t align perfectly with every bullet point listed in the job description we still encourage you to apply If you re a builder at heart share our company values and enthusiastic about making software toolmaking ubiquitous we want to hear from you Notion is proud to be an equal opportunity employer We do not discriminate in hiring or any employment decision based on race color religion national origin age sex including pregnancy childbirth or related medical conditions marital status ancestry physical or mental disability genetic information veteran status gender identity or expression sexual orientation or other applicable legally protected characteristic Notion considers qualified applicants with criminal histories consistent with applicable federal state and local law Notion is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures If you need assistance or an accommodation due to a disability please let your recruiter know By clicking Submit Application I understand and agree that Notion and its affiliates and subsidiaries will collect and process my information in accordance with Notion s LI-Onsite