Security Architect
Asana
31900-36000 PLN per month (employment contract)
What will you be doing?
- Lead security design reviews and structured threat modelling (STRIDE, OWASP Threat Dragon, MITRE ATT&CK) for new and in-flight projects to identify risk early and produce actionable guidance before code is written.
- Conduct security-focused code reviews and analyze data flows across services, APIs, and integrations to identify trust boundaries and attack surface reduction opportunities.
- Translate threat model findings into concrete engineering recommendations and feed architectural weaknesses to the red team for proactive adversary emulation planning.
- Build and mature Asana’s security architecture review process and define standards aligned to industry best practices like NIST 800-53, FedRAMP, ISO 27001, and OWASP ASVS.
- Develop and maintain a reusable security pattern library for authentication, authorization, encryption, API security, and data handling that engineering teams can adopt directly.
- Evaluate AI tooling and integrations using industry standards (OWASP Maestro and OWASP Top 10 for LLMs), assessing risks including prompt injection, model misuse, data leakage, and supply chain exposure.
- Develop governance practices for AI-augmented development workflows and stay current with the evolving AI security landscape.
Who are we looking for?
Key requirements:
- 7+ years of progressive experience in security roles, with a focus on security architecture, application security, or high-scale design reviews.
- Hands-on proficiency with threat modelling methodologies (STRIDE/PASTA, OWASP Threat Dragon) and the MITRE ATT&CK framework at the TTP level.
- Competency conducting security-focused code reviews across modern languages, including Python, Go, Java, or TypeScript.
- Deep functional knowledge of compliance frameworks and baselines, including NIST 800-53, FedRAMP, ISO 27001, OWASP ASVS, and the AWS Well-Architected Security pillar.
- Strong understanding of authentication/authorisation mechanisms (OAuth 2.0, OIDC, SAML, SSO) and container infrastructure security (Kubernetes RBAC, pod security, network policies, and secrets management).
- Demonstrated track record of translating complex architectural risks into clear, pragmatic guidance for engineers and senior stakeholders.
- Familiarity with emerging AI security standards, specifically the OWASP Top 10 for LLMs, OWASP Maestro, or securing multi-tenant SaaS platforms.
- Demonstrates curiosity about AI tools and emerging technologies, with a willingness to learn and leverage them to enhance productivity, collaboration, or decision-making.
What do we require?
Knowledge of:
Languages:
- English
What terms and benefits will you receive?
- 31900-36000 PLN per month (employment contract)
- Employment contract - Flexible working hours (100%)
- Remote work: Hybrid
- Training budget
- Medical package, insurance, sports package
- Cold drinks, lunches
Where will you work?
Marcina Kasprzaka 6, Warszawa, or hybrid
Who are we? – Asana
Asana is the work management platform for human + AI collaboration. We help organizations bring people, processes, and AI together to plan, track, and deliver work with clarity and speed.
Powered by the Work Graph®, Asana gives teams the context and control they need to stay aligned, keep work moving, and scale impact. AI handles the busywork while humans stay in the loop to guide decisions and drive the business forward.
More than 170,000 organizations — including Accenture, Amazon, Anthropic, Morningstar, and Suzuki — run their most critical work on Asana.