Security Engineer, Threat Response

At Asana, security is foundational to our mission of helping humanity thrive by enabling the world's teams to work together effortlessly. The security team protects Asana's employees, users, and customers by proactively addressing threats and fostering a culture of security throughout our product and operations. We’re looking for a detail-oriented, collaborative Security Operations Engineer to join our Security blue team in Warsaw to help solve complex tracking challenges and ultimately scale our security infrastructure. You'll be a foundational member of the security presence in a key engineering hub, partnering directly with IT, infrastructure, and product teams to ensure we have robust detection and response capabilities.

This role is based in our Warsaw office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. Working from home on Fridays depends on the type of work you do, and your recruiter can share more about the in-office requirements. We offer a Contract of Employment (UoP) for our employees in Poland.

What you’ll achieve:

• Lead security incident detection, analysis, and response efforts, ensuring timely and effective remediation of security incidents.
• Utilize and optimize security tools such as Panther for SIEM, CrowdStrike for endpoint detection and response, and other security platforms.
• Develop, implement, and maintain security playbooks and automation scripts to streamline security operations and reduce manual toil.
• Monitor security alerts and threat intelligence feeds, proactively identifying and addressing emerging threats.
• Conduct forensic analysis during security incidents to understand the scope and impact of incidents.
• Collaborating with engineering teams to integrate security best practices into development processes and provide guidance on secure configurations.
• Develop and deliver training to educate engineers on security operations and incident response best practices.

About you:

• 5+ years of experience in security operations, incident response, or threat detection.
• Strong experience with SIEM platforms (e.g., Panther, Splunk, Elastic Security) for log analysis, alert correlation, and dashboard creation.
• Deep working knowledge of endpoint detection and response (EDR) tools (e.g., CrowdStrike, SentinelOne) and their capabilities.
• Proven experience developing and implementing security automation using scripting languages (e.g., Python, PowerShell) or orchestration tools.
• Experience performing security incident investigations and forensic analysis.
• Familiarity with common attack techniques, tactics, and procedures (TTPs) and frameworks like MITRE ATT&CK.
• Strong communication skills for collaborating effectively with both technical and non-technical partners.
• A pragm