Senior Corporate Security Engineer

We are looking for a Corporate Security Engineer to grow our rapidly expanding Security team here at Asana. You will be leading initiatives to help keep Asana’s Corporate environment and users safe.

The security team is responsible for protecting Asana’s employees, users, and customers. We are a team of security engineers and risk and compliance practitioners who build innovative safeguards to ensure that our data is protected against threats and that we comply with legal, regulatory, and customer requirements. We collaborate closely with teams across the organization to foster a culture of security throughout our product and operations.

This role is based in our San Francisco office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. Working from home on Fridays depends on the type of work you do and the teams with which you partner. If you're interviewing for this role, your recruiter will share more about the in-office requirements.

What you’ll achieve:

• Lead initiatives across key security domains, including Endpoint Security, SaaS Security Posture Management (SSPM), Identity & Access Management (IAM), Identity Governance, and data-loss prevention
• Collaborate closely with IT, engineering, and business stakeholders to integrate security tools, policies, and processes into corporate systems and workflows, enabling secure-by-design implementations
• Design and build automation scripts and tools to streamline security workflows, collect actionable metrics, and enforce security policies at scale.
• Develop and implement strategies and tooling for Data Loss Prevention (DLP) and the mitigation of insider risks within Asana.
• Partner with our Incident Manager and provide subject matter expertise for incident response.

About you:

• 4 years experience in a Corporate Security or IT Security
• Familiarity with Identify and Access Management, Authentication & Authorization, Endpoint management, and Network Security Controls.
• Strong understanding of security concepts including zero trust architecture, threat modeling, security frameworks (SOC 2, ISO 27001) and CIS Controls.
• Experience in implementing Data Loss Prevention tooling and insider risk programs.
• Some experience writing and maintaining scripts in at least one language such as Python.
• Experience with Okta, Google Workspace, osQuery and EDR solutions.
• Demonstrates curiosity about AI tools and emerging technologies, with