AppSec Jobs
← Back to all jobs

Asana

Senior Software Engineer, Infrastructure Security

San Francisco, CAWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About Asana

Asana, Inc. is a software company based in San Francisco, founded in 2008 by Dustin Moskovitz and Justin Rosenstein. The company offers a web and mobile work management platform designed to help teams organize, track, and manage their work using AI-powered collaboration tools. The name "Asana"reflects the platform's aim to combine structure and flow, allowing users to maintain focus amidst distractions. Asana's flagship product enables teams to align on goals, manage tasks, and track projects efficiently. It features custom dashboards, analytics, and reporting capabilities, and is accessible via web, iOS, and Android apps. The platform supports both free plans for small teams and paid tiers for advanced features, integrating seamlessly with popular tools like Gmail, Slack, and Microsoft Teams. Asana serves over 170,000 customers globally, including notable organizations such as Accenture and Amazon, and operates in 195 countries, with a strong presence in the U.S. market.

Industry

information technology & services

Employees

1,900

577 engineers

Revenue

$724M

Website

Visit →

Security at Asana

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Asana's AppSec philosophy prioritizes security in its product strategy, with the Security team responsible for keeping Asana and its customers secure.
  • They focus on enabling and educating the entire company rather than operating in a silo, using Asana internally for security operations, including their risk registry.
  • Protections include encryption, least privilege access, and secure software development.

Security Team

  • Sean Cassidy is the Chief Information Security Officer at Asana.
  • Job postings indicate that Asana's Security teams are cross-functional, composed of specialists in product, application, software engineering, infrastructure, and detection and response.

Key Initiatives

  • Asana has a public bug bounty program and accepts vulnerability reports via security@asana.com.
  • The process involves triaging, investigating, and driving the remediation of vulnerabilities, including those from the bug bounty program.
  • They also conduct security architecture reviews, threat modeling, and penetration testing.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.