Group Tech Lead, Security Threat Operations & Response Management

At Asana, security is foundational to our mission of helping humanity thrive by enabling the world's teams to work together effortlessly. Our security team protects Asana's employees, users, and customers by proactively addressing threats and fostering a culture of security throughout our product and operations. We are looking for a collaborative, innovative Group Tech Lead for Security Threat Operations and Response Management to join our security organization in Warsaw. This is a senior technical leadership role that sits at the intersection of offensive and defensive security — a true purple team visionary who will design and drive Asana's threat operations strategy from the ground up. You will set the long-term technical direction for how we detect, emulate, respond to, and continuously improve our defences against real-world adversaries.

This role is based in our Warsaw office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. Working from home on Fridays depends on the type of work you do, and your recruiter can share more about the in-office
requirements. We offer a Contract of Employment (UoP) for our employees in Poland.

What you’ll achieve

• Purple Team Strategy & Technical Leadership: Define and own the technical strategy for a fully integrated purple team function, bridging offensive (red team) and defensive (blue team) capabilities into a cohesive, intelligence-driven program.
• Adversary Emulation: Design and implement a structured adversary emulation programme based on real threat intelligence, ensuring red team exercises directly improve blue team detection and response playbooks while establishing continuous feedback loops.
• Security Maturity & Industry Standards: Lead Asana's security maturity journey, defining a roadmap that progressively advances capabilities toward frameworks and standards such as NIST CSF, ISO 27001, SOC 2, and MITRE ATT&CK maturity levels.
• Lifecycle Management: Develop, own, and continuously improve the end-to-end incident response lifecycle, including policies, playbooks, runbooks, and post-incident review processes.
• Vulnerability Operations: Design and implement a comprehensive vulnerability management program covering discovery, risk-based prioritization, SLA tracking, and remediation validation.
• Process Design & Operational Excellence: Architect scalable security operations processes that reduce manual toil through automation and orchestration, enabling the team to operate at high velocity without sacrificing quality.
• Detection Engineering: Build and