Staff Security Engineer (Technical Lead, Security)

We are looking for a Technical Lead to grow our rapidly expanding Security team here at Asana. You will be providing technical guidance to all of our Security teams and ensuring our ambitious security roadmap is achieved to keep Asana users safe.

The Security team ensures that Asana's users and employees are safe from malicious activity and accidental disclosure. We build the systems and tools that enable the rest of Asana to develop secure software easily. We're focused on secure-by-default frameworks, least privilege access, detection and alerting, and eliminating bug classes.  

As a tech lead for Security you will be responsible for the technical strategy and quality of our Security engineering program. You will also create alignment with technical stakeholders across the organization as this team’s work has a far reaching impact across the product. To ensure successful delivery, you will be working cross functionally with the Head of Security, Infrastructure Engineering, Product Engineering, and more to develop the roadmap for the team. You will also be mentoring team members in technical design and project leadership.

What you’ll achieve

• Own technical design and project execution for all of Security, delegating this work to other engineers on the team when appropriate
• Mentor engineers on the team through activities like pairing, code reviews, secure-by-design, and threat modeling  to promote a culture of security and technical excellence
• Make hands-on engineering contributions to our security frameworks and infrastructure with a focus on overcoming tricky technical challenges and modeling practices that improve security, quality, and velocity
• Work directly with the Head of Security and other senior leaders across Asana to set the strategy for Security
• Collaborate with other leads across Asana to steward a coordinated technical strategy

About you

• 8+ years of experience working in large codebases
• 2+ years of experience leading a complex project end-to-end, or in a tech lead or team lead role
• Deep information security expertise, and a demonstrated ability to mentor others to develop similar expertise
• Strong working knowledge of the OWASP top 10, including details of common vulnerabilities such as XSS, CSRF, SSRF, prototype pollution, HTTP desync, among others. Experience with standards including OAuth and SAML and their weaknesses.
• Experience leading team-wide projects from planning to successful execution
• Experience working cross-functionally with stakeholders and PM/Design partners to define requirements, make tradeoffs, and align on long-term plans
• Passionate about coaching and mentoring engineers of all experience levels
• Excited to be a part of an inclusive culture where everyone brings their whole selves to work
• Able to balance diverse risk when making decisions
• Experience securing multi-tenant SaaS cloud applications

Security Blog Posts

• How Asana uses Asana: Security incident response
• How our Security team solved a Central InfoSec CTF challenge
• Meet our Security team

About us

Asana helps teams orchestrate their work, from small projects to strategic initiatives. Millions of teams around the world rely on Asana to achieve their most important goals, faster. Asana has been named a Top 10 Best Workplace for 5 years in a row, is Fortune's #1 Best Workplace in the Bay Area, and one of Glassdoor’s and Inc.’s Best Places to Work. After spending more than a year physically distanced, Team Asana is safely and mindfully returning to in-person collaboration, incorporating flexibility that adds hybrid elements to our office-centric culture. With 11+ offices all over the world, we are always looking for individuals who care about building technology that drives positive change in the world and a culture where everyone feels that they belong.

We believe in supporting people to do their best work and thrive, and building a diverse, equitable, and inclusive company is core to our mission. Our goal is to ensure that Asana upholds an inclusive environment where all people feel that they are equally respected and valued, whether they are applying for an open position or working at the company. We welcome applicants of any educational background, gender identity and expression, sexual orientation, religion, ethnicity, age, citizenship, socioeconomic status, disability, and veteran status.