Security Architecture Engineer, STORM

STORM (Security Threat Operations & Response Management) is Asana's security operations organization, made up of red and blue team specialists focused on protecting Asana's employees, users, and customers. We proactively address threats, embed security across the product lifecycle, and partner closely with Asana's broader R&D and engineering teams to make security-by-design the norm. We are looking for a collaborative, analytical Security Architecture Engineer to join our team in Warsaw to solve complex design challenges and scale our architectural security defenses.

This role is based in our Warsaw office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. Working from home on Fridays depends on the type of work you do, and your recruiter can share more about the in-office requirements.

We offer a Contract of Employment (UoP) for our employees in Poland.

What you’ll achieve

• Security Design Review & Threat Modelling: Lead architecture reviews and structured threat modelling (such as STRIDE, OWASP Threat Dragon, and MITRE ATT&CK) for new and in-flight projects to identify risk early and produce actionable guidance before code is written.

• Code & Data Flow Analysis: Conduct security-focused code reviews and analyze data flows across services, APIs, and integrations to identify trust boundaries and attack surface reduction opportunities.