Application Security Operations Engineer

The job overview for this role is that Notion is seeking a talented Senior Application Security Operations Engineer to improve and optimize their security program. The ideal candidate should have a mixture of technical ability, attention to detail, and be comfortable in offensive and defensive disciplines. They should be passionate about application security, have a proactive approach to assessing platform vulnerabilities, and be able to design effective security defenses at scale. The role will involve working with the Security team to develop and maintain Security Operations and Response capabilities, as well as collaborating with Engineering teams to monitor and detect threats to Notion's infrastructure and platform.

• Help improve and optimize the security program at Notion
• Stay updated on emerging threats and vulnerabilities to Notion's platform
• Hunt for vulnerabilities and design effective security defenses at scale
• Develop and maintain security operations and response capabilities
• Orchestrate processes through a security information and event management system
• Maintain, implement, and own various security tools and dashboards
• Plan and kick-off penetration testing with third parties
• Detect, defend, and respond to threats to Notion and its user base
• Conduct research and develop new security tools and technologies
• Manage vulnerability management program and mitigate application layer vulnerabilities
• Participate in responsible disclosure program by reproducing and reporting vulnerabilities
• Foster relationships with engineering teams to effectively monitor application and infrastructure
• Have at least 3 years of experience in an application or product security focused role
• Strong experience in finding and reproducing bugs in software
• Expertise in security architecture and building systems or tooling to secure cloud environments
• Familiarity with attack frameworks and SOC disciplines for security monitoring and response
• Pragmatic and business-oriented approach to prioritize projects and balance security investments
• Not ideological about technology, but focused on tradeoffs and practicality.

• At least 3 years working in an application or product security focused role
• Strong experience finding and reproducing bugs in software and demonstrating how they can be exploited
• Ability to drive the strategy for AppSecOps engineering with a risk-focused approach
• Experience building systems or tooling to secure and monitor cloud environments
• Familiarity with attack frameworks and closing gaps in detection capabilities
• Understanding of SOC disciplines and comfortable working in various roles
• Knowledge of the incident response lifecycle and ability to be on an on-call rotation
• Ability to prioritize projects based on business impact and model threat risks
• Pragmatic approach to security investments and balancing with bottom line outcomes
• Open-minded about technologies and programming languages, focusing on tradeoffs rather than ideology

• Competitive cash compensation and equity
• Comprehensive benefits package
• Opportunity to work with a rapidly growing Security team
• Chance to contribute to the development and maintenance of Security Operations and Response capabilities
• Exposure to the latest attacks and threat intelligence
• Ownership of various security tools and dashboards
• Involvement in penetration testing and vulnerability management
• Collaboration with Engineering teams to ensure effective monitoring of application and infrastructure
• Opportunity to conduct research and develop new security tools and technologies
• Inclusion in responsible disclosure program for reporting vulnerabilities
• Ability to work in a collaborative and cross-functional team environment
• Equal opportunity employer with a commitment to diversity and inclusion
• Reasonable accommodations for individuals with disabilities
• Highly competitive compensation and benefits package based on location and experience