Principal Security Engineer
About The Position
The Security team ensures that our users, employees, and platform are protected from malicious activity and accidental data exposure. We build secure-by-default systems, frameworks, and tooling that enable engineering teams to ship fast without compromising trust. Our focus includes least-privilege access, scalable detection and alerting, automation to eliminate entire classes of risk, and security that grows with the business. We are seeking a Principal Security Engineer to provide technical leadership and execution across a complex, global, high-growth SaaS environment. This is a senior individual contributor role reporting to the Head of Security, with accountability for defining security architecture, setting technical direction, and driving cross-company alignment between Security, Engineering, Product, and Executive leadership. You are both a strategist and a builder: setting long-term vision while remaining deeply hands-on with system design, security architecture, and critical incidents. This role is based in our San Francisco office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. Working from home on Fridays depends on the type of work you do and the teams with which you partner. If you're interviewing for this role, your recruiter will share more about the in-office requirements.
Requirements
- 10+ years in a security-related engineering role, with 3+ years in a staff or principal-level role.
- Experience as a technical lead across multiple teams, influencing direction beyond direct ownership.
- Strong software engineering background, with the ability to engage deeply in system design, security architecture, and complex technical trade-offs.
- Deep understanding of application and platform risks (e.g., OWASP Top 10), identity and access controls (OAuth, OIDC, SAML), and modern attack patterns.
- Significant, hands-on experience securing cloud environments at scale, especially AWS.
- You excel at evaluating security trade-offs, making pragmatic, risk-informed decisions, and communicating those decisions clearly to technical and non-technical stakeholders.
- Demonstrated curiosity about AI tools and emerging technologies, with a willingness to learn and leverage them to enhance productivity, collaboration, or decision-making
Responsibilities
- Define and deliver the Security Engineering technical strategy and multi-year roadmap aligned with Asana’s product, platform, and business priorities.
- Raise the technical bar across security engineering through design and risk reviews, hands-on mentorship, and clear standards.
- Partner with senior leaders across Engineering, Product, and Infrastructure to improve Asana’s overall security posture.
- Develop security policies, processes, and procedures that scale with a growing, global engineering organization.
- Help grow the security engineering team through recruiting and interviewing.
- Stay ahead of the threat landscape and support teams building new features and technologies to ensure they are secure by design.
Benefits
- Mental health, wellness & fitness benefits
- Career coaching & support
- Inclusive family building benefits
- Long-term savings or retirement plans
- In-office culinary options to cater to your dietary preferences
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Principal
Education Level
No Education Listed
