Engineering Manager, Threat Response

Online/Remote - Ideally for candidates in
10115, Berlin, Berlin, Germany
Company: Asana
Remote/work-from-home position
Posted on 2026-06-29
Job specialization:
  • IT/Information Technology
    Cyber Security, Security Manager, IT Project Manager
Salary/wage range or industry benchmark: 70000 - 90000 EUR per year
Job description

At Asana, security is foundational to our mission of helping humanity thrive by enabling the world's teams to work together effortlessly. Our security team protects Asana's employees, users, and customers by proactively addressing threats and fostering a culture of security throughout our product and operations. We are looking for a Manager of Threat Response to lead and grow our team of Security Threat Response Engineers in Warsaw.

This is a player-manager role for a deeply technical security professional who is as comfortable handling a complex incident investigation as they are building the processes, people, and partnerships that make world-class incident response sustainable. You will own the strategy and execution of Asana's Security Incident Response programme, drive the maturity of our detection and response capabilities, and establish a hybrid layered SOC model in partnership with a Managed Security Service Provider (MSSP).

This role is based in our Warsaw office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. Working from home on Fridays depends on the type of work you do, and your recruiter can share more about the in-office requirements. We offer a Contract of Employment (UoP) for our employees in Poland.

What you’ll achieve
  • Team Leadership & People Management:
    Lead, manage, and grow a team of Security Threat Response Engineers, providing technical direction, regular 1:1 coaching, performance management, and career development support.
  • Talent Acquisition:
    Hire and onboard exceptional security talent, building a team with complementary skills across incident response, detection engineering, and threat intelligence.
  • Culture & Operations:
    Create a high-trust, high-performance team culture grounded in continuous learning and psychological safety while defining and managing on-call/stand-by schedules sustainably.
  • Incident Response Leadership:
    Own and continuously mature Asana's Security Incident Response programme (strategy, policies, playbooks, runbooks); act as an escalation point and provide hands-on technical leadership during high-severity incidents.
  • Program Testing & Metrics:
    Drive a structured programme of tabletop exercises and simulated incident scenarios; define and track metrics such as MTTD and MTTR to report regularly to senior leadership.
  • Threat Capabilities:
    Leverage CTI, MISP, OpenCTI, STIX/TAXII, or ISACs for threat-informed detection and threat hunting, and utilize Priority Intelligence Requirements (PIRs) to support major incidents.
  • Hybrid SOC Architecture:
    Design, implement, and govern a hybrid, layered SOC operating model combining Asana’s internal team with an external Managed Security Service Provider (MSSP) to ensure seamless 24/7 coverage and SLA compliance.
  • Detection & Tooling Optimization:
    Oversee the optimization of core security platforms like Panther (SIEM) and CrowdStrike (EDR) while tuning the detection engineering practice to map against the MITRE ATT&CK framework.
  • Vulnerability & Automation:
    Manage and mature the risk-prioritized vulnerability management programme and champion the adoption of orchestration (SOAR) and automation tools to reduce manual toil.
  • Cross-Functional Collaboration & Compliance:
    Partner with internal infrastructure, IT, and Group Tech Leads to align operations with organizational security roadmaps while ensuring alignment with frameworks like SOC 2, ISO 27001, NIST CSF, and FedRAMP environments.
About you
  • 7+ years of experience in security operations, incident response, or threat detection, including at least 2 years in a formal people management or team lead role within a security function.
  • Deep, hands-on technical expertise managing complex security incidents end-to-end, with the ability to perform forensic analysis in complex environments.
  • Strong experience utilizing SIEM platforms (e.g., Panther, Splunk, Elastic Security) for log analysis, alert corre