Notion
Who We Are Notion is the collaborative AI workspace where teams and agents think together. We're building one place where your knowledge, projects, meetings, and AI tools live side by side, so work is faster, clearer, and less fragmented. Millions of individuals, small teams, and large companies run their work on Notion. Notinos (our employees) are customer zero in bringing this future of work to life. We care about craft, building things that last, and the belief that great work is still fundamentally human. Our goal isn’t to ship the next feature. Each and every team of Notinos is working to set the standard for how humans work together in the AI era. From building a business’s system of record to making and managing AI agents to automating away the busy work, we care deeply about giving our customers more time for their life’s work. About the Role: We are hiring an experienced security engineer with 10+ years of experience to own cross-cutting programs at the intersection of product, infrastructure, and AI. You will be hands-on with core security primitives while coordinating across 5–10+ engineering teams to land multi-quarter changes safely—often in customer-facing, enterprise-critical surfaces (identity, authz, domain posture, and AI agent safety). In this role, you will be the primary owner for key authentication migrations, AI guardrail infrastructure, and authorization platform direction—work that directly unblocks enterprise security commitments, AI-agent launches, and the next milestone in our authz architecture. This role can be based in either San Francisco or New York City. We work from our offices on Mondays, Tuesdays and Thursdays (our Anchor Days) because we do our best thinking and building together in person. We’re looking for someone who’s excited to work alongside the team during those days. What You'll Achieve: - Modernize and migrate authentication across Notion’s product surfaces (SAML/OIDC, OAuth flows, session semantics, passkeys, CSP, redirect handling), landing multi-quarter changes with clear rollout plans and minimal customer disruption. - Build and operate Notion’s AI safety guardrail stack, including prompt-injection protections (vendor evaluation, deployment model decisions, integration with agents) and an external-source provenance system for AI-generated content across Mail, Calendar, and MCP. - Advance our authorization platform direction by driving crisp architectural trade-offs (e.g., SpiceDB vs. Macaroons) and shipping reusable primitives that product teams can adopt without bespoke security work. - By day 90: own one P0 security program end-to-end—RFC, rollout plan, partner alignment, execution, and measurable risk reduction—plus ship one piece of AI leverage (e.g., an internal security agent for triage/verification/continuous checks) that improves correctness and reduces time-to-resolution. - By end of year 1: raise the bar on security engineering craft by setting clearer standards for secure primitives (auth/authz, provenance, domain posture), improving adoption paths for partner teams, and reducing recurring classes of vulnerabilities through better systems—not heroics. Skills You'll Need to Bring: - Demonstrated ability to ship security-critical infrastructure in production systems (identity/authentication, authorization, platform primitives), including migrations that affect customers and require careful rollout and backwards compatibility. - Strong judgment navigating ambiguous trade-offs (security vs. product velocity, correctness vs. ergonomics, centralized platforms vs. local autonomy), with a track record of writing clear RFCs and aligning cross-functional stakeholders. - Experience building or operating AI/LLM security protections (e.g., prompt injection, tool/data provenance, policy enforcement) or a clear ability to ramp quickly and lead in an emerging domain. - High agency and systems mindset: you proactively find the real constraint, unblock partner teams, and build primitives that compound across the org (not one-off fixes). - Comfort mentoring and multiplying others—through intern/project ownership, enablement sessions, and pragmatic security guidance that engineers actually adopt. Notion is committed to providing highly competitive cash compensation, equity, and benefits. The compensation offered for this role will be based on multiple factors such as location, the role’s scope and complexity, and the candidate’s experience and expertise, and may vary from the range provided below. For roles based in San Francisco, the estimated base salary range for this role is $290,000 - $350,000 per year. By clicking “Submit Application”, I understand and agree that Notion and its affiliates and subsidiaries will collect and process my information in accordance with Notion’s Global Recruiting Privacy Policy. #LI-Onsite A Note on AI You don’t need deep AI expertise for every role, but we do expect every Notino to be intellectually curious, draw
Demonstrated ability to ship security-critical infrastructure in production systems (identity/authentication, authorization, platform primitives), including migrations that affect customers and require careful rollout and backwards compatibility. Strong judgment navigating ambiguous trade-offs (security vs. product velocity, correctness vs. ergonomics, centralized platforms vs. local autonomy), with a track record of writing clear RFCs and aligning cross-functional stakeholders. Experience building or operating AI/LLM security protections (e.g., prompt injection, tool/data provenance, policy enforcement) or a clear ability to ramp quickly and lead in an emerging domain. High agency and systems mindset: proactively identify constraints, unblock partner teams, and build primitives that scale across the organization. Comfort mentoring and multiplying others through intern/project ownership, enablement sessions, and pragmatic security guidance that engineers actually adopt.
Own cross-cutting security programs at the intersection of product, infrastructure, and AI; coordinate across 5–10+ engineering teams to land multi-quarter changes safely, often in customer-facing, enterprise-critical surfaces (identity, authz, domain posture, and AI agent safety). Modernize and migrate authentication across Notion’s product surfaces (SAML/OIDC, OAuth flows, session semantics, passkeys, CSP, redirect handling) with rollout plans and minimal customer disruption. Build and operate Notion’s AI safety guardrail stack (prompt-injection protections, vendor evaluation, deployment model decisions, integration with agents) and an external-source provenance system for AI-generated content across Mail, Calendar, and MCP. Advance authorization platform direction by driving architectural trade-offs (e.g., SpiceDB vs. Macaroons) and shipping reusable primitives for product teams. Deliver a P0 security program end-to-end within 90 days (RFC, rollout plan, partner alignment, execution, risk reduction) and ship an AI leverage piece (e.g., internal security agent for triage/verification/continuous checks). Set security engineering craft standards for secure primitives (auth/authz, provenance, domain posture), improving adoption paths for partner teams and reducing recurring vulnerabilities through robust systems.
Application Security Engineer, AI Security
NotionSan Francisco, Global
AED 20,000 – 40,000/mo
Software Engineer, Trust
NotionSan Francisco, Global
USD 61,166 – 85,666/mo
Security Engineer, Detection and Response
NotionSan Francisco, Global
USD 70,342 – 79,517/mo
AI Applications Engineer
NotionSan Francisco, Global
USD 46,477 – 76,457/mo