Staff Security Engineer (Technical Lead, Security)
San Francisco
Asana
Work anytime, anywhere with Asana. Keep remote and distributed teams, and your entire organization, focused on their goals, projects, and tasks with Asana.
We are looking for a Technical Lead to grow our rapidly expanding Security team here at Asana. You will be providing technical guidance to all of our Security teams and ensuring our ambitious security roadmap is achieved to keep Asana users safe.
The Security team ensures that Asana's users and employees are safe from malicious activity and accidental disclosure. We build the systems and tools that enable the rest of Asana to develop secure software easily. We're focused on secure-by-default frameworks, least privilege access, detection and alerting, and eliminating bug classes.
As a tech lead for Security you will be responsible for the technical strategy and quality of our Security engineering program. You will also create alignment with technical stakeholders across the organization, as this team’s work has a far-reaching impact across the product. To ensure successful delivery, you will be working cross-functionally with the Head of Security, Infrastructure Engineering, Product Engineering, and more to develop the roadmap for the team. You will also be mentoring team members in technical design and project leadership.
What you’ll achieve
- Own technical design and project execution for all of Security, delegating this work to other engineers on the team when appropriate
- Mentor engineers on the team through activities like pairing, code reviews, secure-by-design, and threat modeling to promote a culture of security and technical excellence
- Make hands-on engineering contributions to our security frameworks and infrastructure with a focus on overcoming tricky technical challenges and modeling practices that improve security, quality, and velocity
- Work directly with the Head of Security and other senior leaders across Asana to set the strategy for Security
- Collaborate with other leads across Asana to steward a coordinated technical strategy
About you
- 8+ years of experience working in large codebases
- 2+ years of experience leading a complex project end-to-end, or in a tech lead or team lead role
- Deep information security expertise, and a demonstrated ability to mentor others to develop similar expertise
- Strong working knowledge of the OWASP Top 10, including details of common vulnerabilities such as XSS, CSRF, SSRF, prototype pollution, and HTTP desync, among others. Experience with standards including OAuth and SAML and their weaknesses.
- Experience leading team-wide projects from planning to successful execution
- Experience working cross-functionally with stakeholders and PM/Design partners to define requirements, make tradeoffs, and align on long-term plans
- Passionate about coaching and mentoring engineers of all experience levels
- Excited to be a part of an inclusive culture where everyone brings their whole selves to work
- Able to balance diverse risk when making decisions
- Experience securing multi-tenant SaaS cloud applications
Security Blog Posts
- How Asana uses Asana: Security incident response
- How our Security team solved a Central InfoSec CTF challenge
- Meet our Security team
About us
Asana helps teams orchestrate their work, from small projects to strategic initiatives. Millions of teams around the world rely on Asana to achieve their most important goals, faster. Asana has been named a Top 10 Best Workplace for 5 years in a row, is Fortune's #1 Best Workplace in the Bay Area, and one of Glassdoor’s and Inc.’s Best Places to Work. After spending more than a year physically distanced, Team Asana is safely and mindfully returning to in-person collaboration, incorporating flexibility that adds hybrid elements to our office-centric culture. With 11+ offices all over the world, we are always looking for individuals who care about building technology that drives positive change in the world and a culture where everyone feels that they belong.
We believe in supporting people to do their best work and thrive, and building a diverse, equitable, and inclusive company is core to our mission. Our goal is to ensure that Asana upholds an inclusive environment where all people feel that they are equally respected and valued, whether they are applying for an open position or working at the company. We welcome applicants of any educational background, gender identity and expression, sexual orientation, religion, ethnicity, age, citizenship, socioeconomic status, disability, and veteran status.
Tags: Cloud CSRF CTF Incident response OWASP SaaS SAML SSRF Strategy Vulnerabilities XSS
Perks/benefits: Team events