
Figma · San Francisco
Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—w...
Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform
helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating
with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from
anywhere in the world. If you're excited to shape the future of design and collaboration, join us!
Figma's Security team is growing, and we're looking for a Security Operations Manager to lead the strategy and execution of our
security operations program. In this role, you'll build and scale the systems, processes, and tooling that help protect Figma and
our community. You'll partner closely with Security Engineering, Platform Security, IT, GRC, and Legal to strengthen our detection
and response capabilities, improve operational resilience, and help shape the future of our DART and SOC functions.
This is a full time role that can be held from one of our US hubs or remotely in the United States.
continuous improvement
SOAR and custom tooling
severity
assessments
coverage gaps
strengthen detection and response programs
significant security incidents
IAM, vulnerability management, DLP, and exposure reduction
platforms
events
WHILE IT'S NOT REQUIRED, IT'S AN ADDED PLUS IF YOU ALSO HAVE:
At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop
their skills. If you’re excited about this role but your past experience doesn’t align perfectly with the points outlined in the
job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.
Pay Transparency Disclosure
If based in Figma’s San Francisco or New York hub offices, this role has the annual base salary range stated below.
Job level and actual compensation will be decided based on factors including, but not limited to, individual qualifications
objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of
role), market demands, and specific work location. The listed range is a guideline, and the range for this role may be modified.
For roles that are available to be filled remotely, the pay range is localized according to employee work location by a factor of
between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information.
Figma offers equity to employees, as well a competitive package of additional benefits, including health, dental & vision,
retirement with company contribution, parental leave & reproductive or family planning support, mental health & wellness benefits,
generous PTO, company recharge days, a learning & development stipend, a work from home stipend, and cell phone reimbursement.
Figma also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. Figma’s
compensation and benefits are subject to change and may be modified in the future.
At Figma we celebrate and support our differences. We know employing a team rich in diverse thoughts, experiences, and opinions
allows our employees, our product and our community to flourish. Figma is an equal opportunity workplace - we are dedicated to
equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age,
citizenship, marital status, disability, gender identity/expression, veteran status, or any other characteristic protected by law.
We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.
We will work to ensure individuals with disabilities are provided reasonable accommodation to apply for a role, participate in the
interview process, perform essential job functions, and receive other benefits and privileges of employment. If you require
accommodation, please reach out to accommodations-ext@figma.com. These modifications enable an individual with a disability to
have an equal opportunity not only to get a job, but successfully perform their job tasks to the same extent as people without
disabilities.
To ensure the integrity of our hiring process and facilitate a more personal connection, we require all candidates keep their
cameras on during video interviews. Additionally, if hired you will be required to attend in person onboarding.
By applying for this job, the candidate acknowledges and agrees that any personal data contained in their application or
supporting materials will be processed in accordance with Figma's Candidate Privacy Notice.
Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us! We’re looking for an expert Technical Program Manager (TPM) to support our Security Operations team. In this role, you’ll partner with our Business and Technology teams to lead cross-functional programs that are critical to how we manage risk and secure our organization. You’ll ensure alignment across teams, deliver on commitments, develop solutions, and clear roadblocks so we can move forward together. Beyond execution, you’ll roll up your sleeves to shape how teams work together—championing security practices, strengthening operations, and solving tough problems with scalable, repeatable practices. This is a full time role that can be held from one of our US hubs or remotely in the United States. WHAT YOU’LL DO AT FIGMA: * Own end-to-end program execution for security, compliance, and infrastructure initiatives—managing dependencies, milestones, risks, and reporting at a portfolio level * Lead highly cross-functional programs, using strong project management skills to deliver complex initiatives in a collaborative and transparent way * Drive project alignment by handling dependencies, guiding technical discussions, facilitating decision making, and ensuring the right conversations happen at the right time * Influence outcomes by building trusted, strong partnerships across the organization * Champion effective ways of working—finding the right balance of tools, structure & practices while continuously improving how we collaborate and deliver on our commitments WE'D LOVE TO HEAR FROM YOU IF YOU HAVE: * 5+ years of program or project management experience in a cloud or SaaS environment supporting enterprise technology or security teams * Strong understanding of information security principles and controls, including data protection, access management, and application security * Ability to dive into technical details and apply that knowledge to drive alignment and solve complex challenges * Experience communicating complex security risks and tradeoffs to both technical and non-technical audiences * Proficiency with project management and collaboration tools (e.g., Asana, Google Workspace, Slack, Zoom, Notion, Figma) and the judgment to apply them effectively based on team needs WHILE NOT REQUIRED, IT’S AN ADDED PLUS IF YOU ALSO HAVE: * PMP & Scrum Certifications * Prior experience with identity and access management systems and practices, vendor security and technology governance processes, risk assessments, security investigations, detection and response operations, and incident response * Familiarity with security frameworks and standards such as ISO 27001, NIST, and SOC 2, and experience with ITGC frameworks * Familiarity with AI/ML risk considerations or AI risk frameworks (NIST AI RMF, OECD, ISO 42001) * Experience with using AI tools (e.g Claude Code, Claude Cowork, Open AI Codex, etc) to automate and scale manual processes and decision-making workflows At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop their skills. If you’re excited about this role but your past experience doesn’t align perfectly with the points outlined in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles. Pay Transparency Disclosure If based in Figma’s San Francisco or New York hub offices, this role has the annual base salary range stated below. Job level and actual compensation will be decided based on factors including, but not limited to, individual qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), market demands, and specific work location. The listed range is a guideline, and the range for this role may be modified. For roles that are available to be filled remotely, the pay range is localized according to employee work location by a factor of between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information. Figma offers equity to employees, as well a competitive package of additional benefits, including health, dental & vision, retirement with company contribution, parental leave & reproductive or family planning support, mental health & wellness benefits, generous PTO, company recharge days, a learning & development stipend, a work from home stipend, and cell phone reimbursement. Figma also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. Figma’s compensation and benefits are subject to change and may be modified in the future. Annual Base Salary Range: $140,000—$245,000 USD At Figma we celebrate and support our differences. We know employing a team rich in diverse thoughts, experiences, and opinions allows our employees, our product and our community to flourish. Figma is an equal opportunity workplace - we are dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity/expression, veteran status, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. We will work to ensure individuals with disabilities are provided reasonable accommodation to apply for a role, participate in the interview process, perform essential job functions, and receive other benefits and privileges of employment. If you require accommodation, please reach out to accommodations-ext@figma.com. These modifications enable an individual with a disability to have an equal opportunity not only to get a job, but successfully perform their job tasks to the same extent as people without disabilities. Examples of accommodations include but are not limited to: * Holding interviews in an accessible location * Enabling closed captioning on video conferencing * Ensuring all written communication be compatible with screen readers * Changing the mode or format of interviews To ensure the integrity of our hiring process and facilitate a more personal connection, we require all candidates keep their cameras on during video interviews. Additionally, if hired you will be required to attend in person onboarding. By applying for this job, the candidate acknowledges and agrees that any personal data contained in their application or supporting materials will be processed in accordance with Figma's Candidate Privacy Notice.
At Asana, security is foundational to our mission of helping teams work together effortlessly. Our security team protects Asana's employees, users, and customers by proactively addressing threats, ensuring compliance, and fostering a culture of security throughout our product and operations. As the Security Risk Manager, you will own Asana's internal security risk management program end-to-end. This is a senior role for someone who goes beyond frameworks and checklists — you will engineer the quantitative and automated foundations that let Asana continuously measure and make confident decisions about security risk. You'll build the systems and processes that make risk scalable, not just the policies that describe it, and serve as a trusted advisor to senior leadership. This role is based in our San Francisco office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. Working from home on Fridays depends on the type of work you do and the teams with which you partner. If you're interviewing for this role, your recruiter will share more about the in-office requirements What you'll achieve * Own Asana's security risk management program: Design and continuously mature a quantitative risk framework — including risk scoring methodologies, likelihood and impact modeling, and risk appetite thresholds — that enables consistent, data-driven risk decisions across the organization. * Build and maintain a living risk register: Own Asana's central security risk register, developing KRIs, tracking trends over time, and driving accountability for risk treatment and remediation with business and technical owners. * Automate risk identification and monitoring: Design and implement automated data pipelines and integrations that continuously surface security risks — pulling signals from vulnerability scanners, cloud security tooling, SIEMs, and third-party risk sources — so Asana's risk posture is always current and not dependent on manual review cycles. * Deliver quantitative risk reporting: Develop executive-level dashboards that communicate security risk in business terms — probability, potential impact, cost of control vs. cost of breach, and residual risk exposure — to inform investment and prioritization decisions. * Partner cross-functionally on risk: Act as the primary security risk partner to Legal, Privacy, Finance, and Engineering. Influence security investment decisions and build a culture of risk awareness across the company. About you * 7+ years of experience in information security with a strong focus on security risk management and GRC. * Demonstrated experience building or leading a security risk management program — not just contributing to one. * Hands-on experience with quantitative risk methodologies such as FAIR, risk scoring models, or statistical risk analysis. You back up risk ratings with numbers, not just color codes. * Hands-on experience scripting or building automation to integrate security tooling, build data pipelines, or automate risk monitoring — you've built things, not just directed others to build them.Deep knowledge of security frameworks including NIST CSF, NIST SP 800-30, ISO 27001, SOC 2, and FedRAMP. * Proven ability to develop risk metrics, KRIs, and executive-level reporting that drives decision-making. * Strong understanding of cloud environments and SaaS architecture — enough to have credible risk conversations with technical teams. * Excellent communicator who can translate technical risk findings for both engineering teams and C-suite stakeholders. * Demonstrates curiosity about AI tools and emerging technologies, with a willingness to learn and leverage them to enhance productivity and decision-making. At Asana, we're committed to building teams that include a variety of backgrounds, perspectives, and skills. If you're interested in this role and don't meet every listed requirement, we still encourage you to apply. What we'll offer For this role, the estimated base salary range is between $194,000–$220,000. The actual base salary will vary based on various factors, including market and individual qualifications objectively assessed during the interview process. In addition to base salary, your compensation package may include equity and benefits. If you're interviewing for this role, speak with your Talent Acquisition Partner to learn more. We strive to provide equitable and competitive benefits packages that support our employees worldwide and include: * Mental health, wellness & fitness benefits * Career coaching & support * Inclusive family building benefits * Long-term savings or retirement plans * In-office culinary options to cater to your dietary preferences #LI-Hybrid About us Asana is a leading platform for human + AI collaboration. Millions of teams around the world rely on Asana to achieve their most important goals, faster. Asana has been named to Fortune's Best Workplaces for 7+ years and recognized by Fast Company, Forbes, and Gartner for excellence in workplace culture and innovation. We offer an exceptional office-centric culture while adopting the best elements of hybrid models to ensure that every one of our global team members can work together effortlessly. With 13+ offices all over the world, we are always looking for individuals who care about building technology that drives positive change in the world and a culture where everyone feels that they belong. Join Asana’s Talent Network to stay up to date on job opportunities and life at Asana.
Secure Every Identity, from AI to Human Identity is the key to unlocking the potential of AI. Okta secures AI by building the trusted, neutral infrastructure that enables organizations to safely embrace this new era. This work requires a relentless drive to solve complex challenges with real-world stakes. We are looking for builders and owners who operate with speed and urgency and execute with excellence. This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk. The Technology, Data, and Intelligence (TDI) Team Okta is the leading independent identity provider. The Technology, Data, and Intelligence (TDI) organization is the engine that powers Okta's global workforce, providing the technology and systems that enable our employees to do their best work. The Staff Security Engineer Opportunity We are seeking a highly skilled and hands-on Staff Security Engineer with a DevSecOps & Issue Management focus to join the TDI Security team. In this role, you will be embedded directly within our technical environments, working side-by-side with engineering and operations teams to strengthen Okta’s security posture across infrastructure, cloud, and business systems. This is a tactical and strategic role; you will build a centralized Security Posture Analytics and Reporting capability that aggregates findings, remediation status, and risk data across Okta's security tools to improve visibility, accountability, and execution. The focus is on automating issue tracking and ownership assignment, identifying and routing unowned findings, partnering with remediation teams to accelerate closure, and developing remediation solutions where none currently exist. Longer term, leverage AI to simplify security posture management, increase trust in the data, automate analysis and prioritization, and provide actionable insights that help TDI proactively manage security risk at scale. The ideal candidate combines deep technical security expertise with the ability to troubleshoot in complex environments and drive measurable improvements across the security posture management lifecycle. You’ll partner closely with Security, TDI SRE, TDI Engineering and SaaS application teams to implement/develop agentic-first scalable security controls, automate scanning and remediation workflows, and ensure our platforms—from AWS and to enterprise SaaS applications like Salesforce, ERP, Google Workspace, Slack, and Zoom—are secure by design. You will also work on developing a best-in-class security posture management program that can withstand today’s dynamic threat landscape What you’ll be doing * Security Posture Management * Up-level our Security Posture Management program to handle various issues identified by security tooling across our ecosystem. * Leverage Dashboards and Visualization Tools to showcase our Vulnerability and Issue Management progress and current status * Manage Okta’s Security Posture Management program, including integrating data ingestion pipelines, coding logic to prioritize vulnerability fixes, supporting teams remediating issues coming out from various tools (ISPM, DSPM, Qualys, etc), and developing automated systems at scale. * Configure and operationalize tools such as Snyk, Semgrep, and Qualys to expand scanning coverage for all TDI assets. * Collaborate with teams to troubleshoot and remediate findings; provide technical mentorship to developers and admins. * Based on findings from tools such as ISPM/SSPM, Snyk, Semgrep, Qualys, Cyera, and other security platforms, develop and maintain metrics, reporting, and executive visibility that drive ownership, accountability, prioritization, and measurable risk reduction across the organization. * Partner with Security and GRC to communicate our risk posture and remediation status. * Secure Development & DevSecOps Enablement * Partner with product and engineering teams to advise on secure coding, build pipelines, and deployment best practices. * Support and enforce ProdSec SDL adoption across business units, standardizing design reviews and requirements gathering. * Implement secrets rotation automation and best practices for secrets management across TDI systems. * Lead “shift left” security efforts to build security into the SDLC. * Baseline Image & Environment Security * Collaborate with SRE to manage update pipelines and enforce compliance with baseline standards. * Conduct light Security Architecture Reviews (SARs) for lower environments to confirm proper controls and data handling. * Automation, AI Development & Continuous Improvement * Develop agentic automation to scale security posture scanning, reporting, issue remediation, and patch validation. * Architect E2E automation flows and system design for an AI agent and its subagents (e.g remediation agent, security posture management triage agent, etc). * Identify and close gaps across CSPM, CI/CD pipeline security, and endpoint hardening. * Provide technical guidance for integrating security into business and productivity platforms (Salesforce, ERP, Google Workspace, Slack, Zoom). What you’ll bring to the role * 10+ years of experience in Security Engineering, DevSecOps, Infrastructure Security, or SaaS apps within a SaaS or enterprise environment. * Hands-on technical expertise in the scanning, patching, and remediation of the issues across cloud, and SaaS ecosystems. * Leverage creative and strategic thinking to promote risk reduction through secure design and simplicity * Possess broad security knowledge to connect the dots across security domains * Able to collaborate cross-functionally and balance security requirements with business objectives. * Experience deploying and managing Snyk, Semgrep, and Qualys tools. * Strong knowledge of AWS security practices, SRE principles, and securing business technology stacks (Salesforce, ERP, Google, Slack, Zoom). * Proven ability to coach, mentor, and collaborate with development teams to improve remediation velocity. * Practical understanding of secure SDLC / PDLC, supply chain security, and secrets management. * Experience building security tools/applications, and automated tools * Effective communication skills to communicate strategically with higher-level leadership and with individual contributors.Proficient with visualization/BI tools to create dashboards and provide reporting to leadership and other key stakeholders. * Experience in driving remediation across a variety of issues raised by posture management solutionsExcellent troubleshooting and communication skills, with a proactive and solution-oriented mindset. P21924_3474953 Below is the annual base salary range for candidates located in San Francisco Bay Area. Your actual base salary will depend on factors such as your skills, qualifications, experience, and work location. In addition, Okta offers equity (where applicable), bonus, and benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies. To learn more about our Total Rewards program please visit: https://rewards.okta.com/us. The annual base salary range for this position for candidates located in the San Francisco Bay area is between: $134,000—$184,800 USD The Okta Experience * Supporting Your Well-Being * Driving Social Impact * Developing Talent and Fostering Connection + Community We are intentional about connection. Our global community, spanning over 20 offices worldwide, is united by a drive to innovate. Your journey begins with an immersive, in-person onboarding experience designed to accelerate your impact and connect you to our mission and team from day one. Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws. If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding please use this Form to request an accommodation. Notice for New York City Applicants & Employees: Okta may use Automated Employment Decision Tools (AEDT), as defined by New York City Local Law 144, that use artificial intelligence, machine learning, or other automated processes to assist in our recruitment and hiring process. In accordance with NYC Local Law 144, if you are an applicant or employee residing in New York City, please click here to view our full NYC AEDT Notice.