Asana

SecurityEngineer,ThreatResponse

$202–230k New York, New York, United States; San Francisco, California, United States Remote Friendly

Market Sentiment

HIGH DEMAND

Neural analysis suggests this role is
optimal for Senior candidates.

The Brief

“Security Engineer, Threat Response at Asana. Skills: Threat Response, Incident Detection, Vulnerability Management, Security Automation. Lead security incident detection, analysis, and response. Participate in and lead on-call rotation”

What You'll Achieve.

Ensure timely and effective remediation of security incidents; Streamline security operations and reduce manual toil; Ensure Asana's security posture remains robust; Achieve goals faster; Drive positive change in the world

Industry & Context.

Problems you'll solve

Proactively addressing threats; Building effective monitoring; Automating repetitive security operations tasks; Identifying and addressing emerging threats; Making technical trade-offs

Eligibility Requirements

On-call rotation

What They're Looking For.

Must Have

5+ years of experience in security operations, incident response, threat detection, or vulnerability management, experience with SIEM platforms (e.g., Panther, Splunk, Elastic Security) for log analysis, alert correlation, and dashboard creation, Deep working knowledge of endpoint detection and response (EDR) tools (e.g., CrowdStrike, SentinelOne) and their capabilities, Proven experience in developing and implementing security automation using scripting languages (e.g., Python, PowerShell) or orchestration tools, Experience performing security incident investigations and forensic analysis, Familiarity with common attack techniques, tactics, and procedures (TTPs) and frameworks like MITRE ATT&CK, Hands-on technical expertise in at least two of the following areas: Cloud Security, Detection & Response, Digital Forensics, Network Security, Abuse, or Fraud, Experience working in environments composed primarily of SaaS and cloud resources, Track record of successfully leading incident response projects and mentoring engineers on security operations, Experience making technical trade-offs and articulating them clearly to stakeholders at different levels, both internal and external, Excellent communication skills, able to explain complex technical concepts clearly to both technical and non-technical partners, Customer-obsessed mindset with a drive to deliver the best possible experience and outcomes for Asana's customers and users, A pragmatic and collaborative mindset, with a passion for building robust defences and enabling other engineers to do their best, most secure work, Demonstrates curiosity about AI tools and emerging technologies, with a willingness to learn and leverage them to enhance productivity, collaboration, or decision-making

Nice to Have

Hands-on experience with logging and monitoring tools such as Datadog, Splunk, and Panther, Hands-on experience with AWS, Google Workspace, and common SaaS applications, Experience with macOS endpoint security, including investigation workflows and EDR capabilities on Apple platforms, Experience with bug bounty programs, Experience with red teamlue team or purple team exercises, Familiarity with FedRAMP requirements, particularly around incident reporting obligations, continuous monitoring, and evidence collection standards for FedRAMP-authorised environments

What You'll Do.

Lead security incident detection

Participate in and lead on-call rotation

Manage and mature vulnerability management program

Utilize and optimize security tools

and maintain security playbooks

Monitor security alerts and threat intelligence feeds

Conduct forensic analysis during security incidents

Lead retrospectives for engineering excellence

Drive incident management best practices

Participate in tabletop exercises

Collaborate with engineering teams on security best practices

Stay informed of industry trends and emerging threats

Develop short-term and long-term strategies for risk management

How You'll Work.

Team & Collaboration

Partnering directly with IT, infrastructure, and product teams; Collaborate with teams across the company including Infrastructure, Customer Success, Legal, IT, and other key stakeholders; Collaborate with teammates and stakeholders; Mentoring fellow engineers through pairing, process definition, and training exercises; Collaborate with engineering teams to integrate security best practices

Communication Scope

Explain complex technical concepts clearly to both technical and non-technical partners

Process & Methodology

Lead incident response projects

Full Job Description

At Asana, security is foundational to our mission of helping humanity thrive by enabling the world's teams to work together effortlessly. Our security team protects Asana's employees, users, and customers by proactively addressing threats and fostering a culture of security throughout our product and operations. We are looking for a Security Engineer, Threat Response to join our Security blue team in New York City. You'll be a foundational member of the security presence in a key hub, partnering directly with IT, infrastructure, and product teams to ensure we have robust detection, response, and vulnerability management capabilities. You will be instrumental in scaling our security practices by building effective monitoring, automating repetitive security operations tasks, and championing a security-first mindset. This role sits within the Security Threat Operations and Response Management (STORM) group, responsible for the security of Asana the company and the security of the product — ensuring we maintain customer trust and are able to grow sustainably. You will collaborate with teams across the company including Infrastructure, Customer Success, Legal, IT, and other key stakeholders to drive better incident response outcomes. This role is based in our New York City or San Francisco office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. Working from home on Fridays depends on the type of work you do and the teams with which you partner. If you're interviewing for this role, your recruiter will share more about the in-office requirements. What you’ll achieve Lead security incident detection, analysis, and response efforts, ensuring timely and effective remediation of security incidents. Actively participate in and lead the on-call rotation, setting the standard for security incident management across the team. Manage and mature our vulnerability manag

Free ATS check

Applying for this Security Engineer, Threat Response role?

Most applicants get filtered before a human reads their resume. See if yours makes the cut.

Should you apply? AI reads your resume vs this job — match score, gaps to address, ATS keywords.

SKILL SIGNAL 48 detected · ranked by frequency

Forensic analysis ×4

Threat Response ×3

Vulnerability Management ×3

Security Automation ×3

Security incident detection ×3

Security incident analysis ×3

Security incident response ×3

Vulnerability management program ×3

Security playbooks ×3

Automation scripts ×3

Security alerts monitoring ×3

Threat intelligence feeds ×3

Incident response projects ×3

Mentoring engineers ×3

Incident Detection ×2

Panther ×2

Splunk ×2

Elastic Security ×2

CrowdStrike ×2

SentinelOne ×2

AWS ×2

Google Workspace ×2

Datadog ×2

SIEM platforms

Endpoint detection

Response tools

Python

PowerShell

Orchestration tools

Security incident investigations

Attack techniques

MITRE ATT&CK

Role Details

Experience 5–10 yrs

Level Senior

Work Mode office-centric hybrid schedule

Category infrastructure-engineering

Salary Band 200k+

AI-Extracted Insights

Domain Areas

cloud-native-architecturesaas-environmentsfedramp-requirements

ANONYMOUS · UNFILTERED

What do employees actually say about Asana?

Real rants from real employees. Read before you apply.

Read Company Rants →