Group Tech Lead, Security Threat Operations & Response Management
Warsaw, Kosciusko County, Indiana, 46580, USA
Listed on 2026-06-29
IT/Tech
Cybersecurity, Systems Engineer, Security Manager
At the company, security is foundational to our mission of helping humanity thrive by enabling the world's teams to work together effortlessly. Our security team protects the company's employees, users, and customers by proactively addressing threats and fostering a culture of security throughout our product and operations. We are looking for a collaborative, innovative Group Tech Lead for Security Threat Operations and Response Management to join our security organization in Warsaw.
This is a senior technical leadership role that sits at the intersection of offensive and defensive security — a true purple team visionary who will design and drive the company's threat operations strategy from the ground up. You will set the long-term technical direction for how we detect, emulate, respond to, and continuously improve our defences against real-world adversaries.
This role is based in our Warsaw office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. Working from home on Fridays depends on the type of work you do, and your recruiter can share more about the in-office requirements. We offer a Contract of Employment (UoP) for our employees in Poland.
- Purple Team Strategy & Technical Leadership: Define and own the technical strategy for a fully integrated purple team function, bridging offensive (red team) and defensive (blue team) capabilities into a cohesive, intelligence-driven program.
- Adversary Emulation: Design and implement a structured adversary emulation programme based on real threat intelligence, ensuring red team exercises directly improve blue team detection and response playbooks while establishing continuous feedback loops.
- Security Maturity & Industry Standards: Lead the company's security maturity journey, defining a roadmap that progressively advances capabilities toward frameworks and standards such as NIST CSF, ISO 27001, SOC 2, and MITRE ATT&CK maturity levels.
- Lifecycle Management: Develop, own, and continuously improve the end-to-end incident response lifecycle, including policies, playbooks, runbooks, and post-incident review processes.
- Vulnerability Operations: Design and implement a comprehensive vulnerability management program covering discovery, risk-based prioritization, SLA tracking, and remediation validation.
- Process Design & Operational Excellence: Architect scalable security operations processes that reduce manual toil through automation and orchestration, enabling the team to operate at high velocity without sacrificing quality.
- Detection Engineering: Build and standardize detection engineering workflows, ensuring threat detections are systematically developed, tested, tuned, and retired in alignment with the current threat landscape.
- AI-Driven Innovation: Identify, evaluate, and implement AI and machine learning capabilities to enhance the speed, accuracy, and coverage of threat detection, automated alert triage, root cause analysis, and incident summarization.
- Organizational Leadership & Enablement: Provide technical mentorship to security engineers across red and blue team disciplines, integrate security best practices into cross-functional development pipelines, and deliver advanced training programs.
- 8+ years of progressive experience in security operations, threat detection and response, or offensive security, with at least 3 years in a senior technical leadership or principal engineering role.
- Deep technical expertise across both red and blue team disciplines, with a proven track record of designing and leading a purple team or integrated threat operations programme at scale.
- Strong command of SIEM platforms (e.g., Panther, Splunk, Elastic Security) for detection engineering and advanced log correlation, and extensive knowledge of EDR platforms (e.g., CrowdStrike, SentinelOne) for proactive threat hunting.
- Expert-level familiarity with operationalizing adversary emulation frameworks (such as MITRE ATT&CK) and handling forensic analysis during complex incident investigations in large cloud-native environments.
- Strong engineering and automation background utilizing scripting languages (e.g., Python, PowerShell), paired with exposure to SOAR platforms.
- Strategic capability to translate business risk into a technical roadmap aligned to NIST CSF, ISO 27001, or SOC2 standards, combined with strong technical process design skills.
- Excellent communication and collaborative skills, with a track record of building cross-functional trust and explaining complex threat concepts clearly to engineering, product, legal, and executive teams alike.
- Demonstrates curiosity about AI tools and emerging technologies, with a willingness to learn and leverage them to enhance productivity, collaboration, or decision-making.
At the company, we're committed to building teams that include a variety of backgrounds, perspectives, and skills, as this is critical to helping us…