Security Engineer, Threat Response

Asana•San Francisco, CA

7h•Hybrid

About The Position

At Asana, security is foundational to our mission of helping humanity thrive by enabling the world's teams to work together effortlessly. Our security team protects Asana's employees, users, and customers by proactively addressing threats and fostering a culture of security throughout our product and operations. We are looking for a Security Engineer, Threat Response to join our Security blue team in New York City. You'll be a foundational member of the security presence in a key hub, partnering directly with IT, infrastructure, and product teams to ensure we have robust detection, response, and vulnerability management capabilities. You will be instrumental in scaling our security practices by building effective monitoring, automating repetitive security operations tasks, and championing a security-first mindset. This role sits within the Security Threat Operations and Response Management (STORM) group, responsible for the security of Asana the company and the security of the product — ensuring we maintain customer trust and are able to grow sustainably. You will collaborate with teams across the company including Infrastructure, Customer Success, Legal, IT, and other key stakeholders to drive better incident response outcomes. This role is based in our New York City or San Francisco office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. Working from home on Fridays depends on the type of work you do and the teams with which you partner. If you're interviewing for this role, your recruiter will share more about the in-office requirements.

Requirements

5+ years of experience in security operations, incident response, threat detection, or vulnerability management.
Strong experience with SIEM platforms (e.g., Panther, Splunk, Elastic Security) for log analysis, alert correlation, and dashboard creation.
Deep working knowledge of endpoint detection and response (EDR) tools (e.g., CrowdStrike, SentinelOne) and their capabilities.
Proven experience in developing and implementing security automation using scripting languages (e.g., Python, PowerShell) or orchestration tools.
Experience performing security incident investigations and forensic analysis.
Familiarity with common attack techniques, tactics, and procedures (TTPs) and frameworks like MITRE ATT&CK.
Hands-on technical expertise in at least two of the following areas: Cloud Security, Detection & Response, Digital Forensics, Network Security, Abuse, or Fraud.
Experience working in environments composed primarily of SaaS and cloud resources.
Track record of successfully leading incident response projects and mentoring engineers on security operations.
Experience making technical trade-offs and articulating them clearly to stakeholders at different levels, both internal and external.
Excellent communication skills, able to explain complex technical concepts clearly to both technical and non-technical partners.
Customer-obsessed mindset with a drive to deliver the best possible experience and outcomes for Asana's customers and users.
A pragmatic and collaborative mindset, with a passion for building robust defences and enabling other engineers to do their best, most secure work.
Demonstrates curiosity about AI tools and emerging technologies, with a willingness to learn and leverage them to enhance productivity, collaboration, or decision-making.

Nice To Haves

Hands-on experience with logging and monitoring tools such as Datadog, Splunk, and Panther.
Hands-on experience with AWS, Google Workspace, and common SaaS applications.
Experience with macOS endpoint security, including investigation workflows and EDR capabilities on Apple platforms.
Experience with bug bounty programs.
Experience with red team/blue team or purple team exercises.
Familiarity with FedRAMP requirements, particularly around incident reporting obligations, continuous monitoring, and evidence collection standards for FedRAMP-authorised environments.

Responsibilities

Lead security incident detection, analysis, and response efforts, ensuring timely and effective remediation of security incidents.
Actively participate in and lead the on-call rotation, setting the standard for security incident management across the team.
Manage and mature our vulnerability management program, including scanning, assessment, prioritization, and tracking remediation efforts.
Utilize and optimize security tools such as Panther for SIEM, CrowdStrike for endpoint detection and response, and other security platforms.
Develop, implement, and maintain security playbooks and automation scripts to streamline security operations and reduce manual toil.
Monitor security alerts and threat intelligence feeds, proactively identifying and addressing emerging threats.
Conduct forensic analysis during security incidents to understand the scope and impact of incidents.
Lead retrospectives to help raise engineering excellence and embed a continuous improvement culture across the team.
Drive incident management and incident response best practices across the company, mentoring fellow engineers through pairing, process definition, and training exercises.
Participate in and help lead tabletop exercises to ensure different stakeholders are thinking about and preparing for incidents across the company.
Collaborate with engineering teams to integrate security best practices into development processes and provide guidance on secure configurations.
Stay informed of industry trends, emerging threats, and best practices in security operations, detection, and response to ensure Asana's security posture remains robust.
Collaborate with teammates and stakeholders to develop both short-term and long-term strategies for risk management.