About the Role:Millions of people rely on Notion to do their most important work. Protecting that trust starts with protecting the people who build Notion: our employees, their laptops, their identities, and the SaaS apps they rely on every day.
We are looking for a hands-on Corporate Security Engineer to own and improve the technical controls that keep our workforce and corporate environment safe. This is a security engineering role focused on building scalable controls and automation across identity, endpoints, SaaS, and workforce infrastructure, not a traditional IT support or corporate engineering role.
You'll own and evolve core security controls, design systems and automation that scale with the company, and help make security both stronger and easier to use. You'll partner closely with IT, Infrastructure, GRC, and Detection & Response to improve the security foundations that employees rely on every day.
What You'll Achieve:- Harden our identity and access management stack, including Okta and Google Workspace, with phishing-resistant MFA, strong SSO and SCIM lifecycles, and least-privilege access across SaaS.
- Run our endpoint security program across a macOS-first fleet, including MDM, EDR, and configuration baselines, with working coverage for Windows and ChromeOS.
- Secure AI tool usage at the endpoint, including governance of large language models, AI agents, and model context protocol (MCP) integrations; detect and prevent unauthorized or risky AI service access and data exfiltration through AI-enabled tools.
- Reduce SaaS risk at scale through SSPM tooling and custom automation, including detection of risky OAuth grants, excessive permissions, shadow IT, and configuration drift.
- Write code (Python, Terraform) to automate access reviews, onboarding and offboarding, configuration drift detection, and audit evidence collection.
- Partner with Detection & Response to ensure corporate systems produce the telemetry needed to detect identity, endpoint, and SaaS abuse.
- Support SOC 2, ISO 27001, and customer audits as a byproduct of good engineering, not a separate workstream.
- Partner with Detection & Response on investigation and response for corporate security incidents, including phishing, account compromise, lost devices, and BEC.
Nice to Haves:- Experience at a fast-growing tech or AI company where the security program had to outpace headcount.
- A background in IT engineering, SRE, or production engineering that transitioned into security engineering.
- Experience building internal security tooling or workflows that improved employee or developer experience.
- Contributions to the security community through open-source tools, blog posts, or conference talks.
We hire talented and passionate people from a variety of backgrounds because we want our global employee base to represent the wide diversity of our customers. If you're excited about a role but your past experience doesn't align perfectly with every bullet point listed in the job description, we still encourage you to apply. If you're a builder at heart, share our company values, and enthusiastic about making software toolmaking ubiquitous, we want to hear from you.
Notion is committed to providing highly competitive cash compensation, equity, and benefits. The compensation offered for this role will be based on multiple factors such as location, the role's scope and complexity, and the candidate's experience and expertise, and may vary from the range provided below. For roles based in San Francisco or New York City, the estimated base salary range for this role is $220,000 - $260,000 per year.
By clicking "Submit Application", I understand and agree that Notion and its affiliates and subsidiaries will collect and process my information in accordance with Notion's Global Recruiting Privacy Policy and NYLL 144.
#LI-Onsite
A Note on AIYou don't need deep AI expertise for every role, but we do expect every Notino to be intellectually curious, drawn to tinkering and discovery, and excited to use AI as a real collaborator in their work. For some roles, AI fluency is a core requirement - when that's the case, we'll make it explicit in the qualifications. People who thrive here don't treat AI as a novelty. They use it to think better, move faster, and build more creatively.
