Tech Stack

Description

Join Asana's Security Red Team in Warsaw to protect our products and infrastructure. You'll conduct security reviews, penetration testing, and threat modeling, partnering with engineering teams to build secure software from the start.

Requirements

• 5+ years experience in application security, product security, penetration testing, or software engineering with security focus
• Strong software engineering background with Python, JavaScript/TypeScript, or Scala
• Deep knowledge of OWASP Top 10 and common web vulnerabilities (XSS, CSRF, SSRF, SQL injection)
• Experience with security tools for SAST/DAST, SCA, and vulnerability management
• Proven experience in security design reviews, threat modeling, and comprehensive penetration testing

Responsibilities

• Conduct security architecture reviews, threat modeling, and penetration testing for new features and services
• Test software for application security vulnerabilities through various assessment methodologies
• Triage, investigate, and drive remediation of vulnerabilities from bug bounty program, internal pen tests, and automated tooling
• Influence engineering initiatives by conducting design and roadmap reviews, communicating security constraints
• Develop and deliver training to educate engineers on secure coding best practices