Group Tech Lead, Security Threat Operations & Response Management

• Define and own the technical strategy for a fully integrated purple team function, bridging offensive (red team) and defensive (blue team) capabilities into a cohesive, intelligence-driven program.
• Design and implement a structured adversary emulation programme based on real threat intelligence, ensuring red team exercises directly improve blue team detection and response playbooks while establishing continuous feedback loops.
• Lead Asana's security maturity journey, defining a roadmap that progressively advances capabilities toward frameworks and standards such as NIST CSF, ISO 27001, SOC 2, and MITRE ATT&CK maturity levels.
• Develop, own, and continuously improve the end-to-end incident response lifecycle, including policies, playbooks, runbooks, and post-incident review processes.
• Design and implement a comprehensive vulnerability management program covering discovery, risk-based prioritization, SLA tracking, and remediation validation.
• Architect scalable security operations processes that reduce manual toil through automation and orchestration, enabling the team to operate at high velocity without sacrificing quality.

Key requirements:

• 8+ years of progressive experience in security operations, threat detection and response, or offensive security, with at least 3 years in a senior technical leadership or principal engineering role.
• Deep technical expertise across both red and blue team disciplines, with a proven track record of designing and leading a purple team or integrated threat operations programme at scale.
• Strong command of SIEM platforms for detection engineering and advanced log correlation, and extensive knowledge of EDR platforms for proactive threat hunting.
• Expert-level familiarity with operationalizing adversary emulation frameworks and handling forensic analysis during complex incident investigations in large cloud-native environments.
• Strong engineering and automation background utilizing scripting languages paired with exposure to SOAR platforms.

Nice to have:

• Familiarity with specific SIEM platforms such as Panther, Splunk, or Elastic Security.
• Experience with EDR platforms like CrowdStrike or SentinelOne.
• Knowledge of scripting languages beyond Python, such as PowerShell.
• Exposure to AI/ML tools for enhancing threat detection and response.