01 Scope of responsibilities
- Define and own the technical strategy for a fully integrated purple team function, bridging offensive (red team) and defensive (blue team) capabilities into a cohesive, intelligence-driven program.
- Design and implement a structured adversary emulation program based on real threat intelligence, ensuring red team exercises directly improve blue team detection and response playbooks while establishing continuous feedback loops.
- Lead Asana's security maturity journey, defining a roadmap that progressively advances capabilities toward frameworks and standards such as NIST CSF, ISO 27001, SOC 2, and MITRE ATT&CK maturity levels.
- Develop, own, and continuously improve the end-to-end incident response lifecycle, including policies, playbooks, runbooks, and post-incident review processes.
- Design and implement a comprehensive vulnerability management program covering discovery, risk-based prioritization, SLA tracking, and remediation validation.
- Architect scalable security operations processes that reduce manual toil through automation and orchestration, enabling the team to operate at high velocity without sacrificing quality.
