Warsaw | Hybrid | Full-time | PLN 31,900 – 36,000 / month

Asana is hiring a Security Architecture Engineer, STORM

Responsibilities

  • Lead architecture reviews and structured threat modelling (such as STRIDE, OWASP Threat Dragon, and MITRE ATT&CK) for new and in-flight projects to identify risk early and produce actionable guidance before code is written.
  • Conduct security-focused code reviews and analyze data flows across services, APIs, and integrations to identify trust boundaries and attack surface reduction opportunities.
  • Translate threat model findings into concrete engineering recommendations and feed architectural weaknesses to STORM’s red team for proactive adversary emulation planning.
  • Build and mature Asana’s security architecture review process and define standards aligned to industry best practices like NIST 800-53, FedRAMP, ISO 27001, and OWASP ASVS.
  • Develop and maintain a reusable security pattern library for authentication, authorization, encryption, API security, and data handling that engineering teams can adopt directly.
  • Evaluate AI tooling and integrations using industry standards (such as OWASP Maestro and OWASP Top 10 for LLMs), assessing risks including prompt injection, model misuse, data leakage, and supply chain exposure.
  • Develop governance practices for AI-augmented development workflows and stay current with the evolving AI security landscape.
  • Champion security-by-design by driving organizational adoption of architecture diagrams, data flow diagrams, and threat models as first-class engineering artefacts.
  • Deliver highly technical training and workshops to engineering and product teams, making the secure choice the path of least resistance across the organization.

Requirements

  • 7+ years of progressive experience in security roles, with a focus on security architecture, application security, or high-scale design reviews.
  • Hands-on proficiency with threat modelling methodologies (STRIDE/PASTA, OWASP Threat Dragon) and the MITRE ATT&CK framework at the TTP level.
  • Competency conducting security-focused code reviews across modern languages, including Python, Go, Java, or TypeScript.
  • Deep functional knowledge of compliance frameworks and baselines, including NIST 800-53, FedRAMP, ISO 27001, OWASP ASVS, and the AWS Well-Architected Security pillar.
  • Strong understanding of authentication/authorisation mechanisms (OAuth 2.0, OIDC, SAML, SSO) and container infrastructure security (Kubernetes RBAC, pod security, network policies, and secrets management).
  • Demonstrated track record of translating complex architectural risks into clear, pragmatic guidance for engineers and senior stakeholders.
  • Proven ability to build security review processes from low maturity and shift engineering culture through influence and collaboration.
  • Strong technical writing skills with experience producing architectural diagrams, threat models, and clean documentation that teams reference daily.

Nice to Have

  • Familiarity with emerging AI security standards, specifically the OWASP Top 10 for LLMs, OWASP Maestro, or securing multi-tenant SaaS platforms.
  • Demonstrates curiosity about AI tools and emerging technologies, with a willingness to learn and leverage them to enhance productivity, collaboration, or decision-making.

Benefits

  • Generous, transparent and fair compensation system (base salary and RSUs).
  • Contract of Employment (and the option of 50% tax deductible costs for author’s rights usage in respect of applicable roles).
  • Health insurance with dental and travel coverage (Lux Med).
  • Breakfast and lunch catering on the days that you work from the office.
  • Vacation allowance.
  • Career growth budget.
  • Home office setup budget.
  • Gym/Fitness card.
  • Fertility healthcare and family-forming support with Carrot.
  • Mental health support through Modern Health.
  • Group life insurance.
  • MacBooks with all necessary accessories.

About company

Asana is a leading platform for human + AI collaboration. Millions of teams around the world rely on Asana to achieve their most important goals, faster.

Job Details

  • Department: STORM
  • Category: other
  • Posted: 3 days ago