全部面试
Notion logo

Notion

Senior

Own authentication migrations, AI guardrail infrastructure, and authz platform direction at Notion

Notion is hiring a security engineer with 10+ years of experience to own cross-cutting security programs spanning identity/authz, AI agent safety, and platform primitives across 5-10+ engineering teams. This interview probes deep hands-on experience with authentication migrations (SAML/OIDC, OAuth, passkeys, CSP), AI/LLM security protections (prompt injection, provenance), authorization architecture tradeoffs (e.g., SpiceDB vs Macaroons), and the judgment to drive multi-quarter, customer-facing security changes safely.

走进这场面试

免费 · 一场按这个岗位校准的真语音模拟

练这场面试

这场面试考什么

  • Authentication migrations (SAML/OIDC, OAuth, passkeys, CSP, session semantics)
  • AI/LLM security: prompt injection protections and content provenance
  • Authorization platform architecture tradeoffs (e.g., SpiceDB vs Macaroons)
  • Driving multi-quarter, cross-team security programs via RFCs
  • Mentoring and scaling security practices across partner teams

常见提问方向

Walk through a multi-quarter authentication migration you owned end-to-end, including rollout and backwards-compatibility tradeoffs

How would you design prompt-injection protections and a provenance system for AI-generated content across surfaces like Mail/Calendar/MCP

Reason through an authorization architecture tradeoff (e.g., centralized policy store vs. capability-based tokens)

Tell me about writing a security RFC and aligning 5-10+ engineering teams behind it despite pushback

A time you had to balance security rigor against product velocity — how did you decide, and what happened

How do you scale security practices across partner teams without becoming a bottleneck

查看原始招聘页

相关面试