. . . miners run ASICs to find a PoW number . . .
That number is generally called a "nonce".
. . . that when SHA256 function is applied to the whole block with that number, it results in a working hash to make a valid block. . .
Technically, only the 80-byte block header is hashed via SHA256 with the nonce, not the entire block. However, one of the values in the block header is the Merkle Root (which is a SHA256 hash generated from a Merkle Tree built from all the transactions in the block.
But they also need to validate each of the transactions within the block, right?
The individuals running ASIC do not need to do that. They are presented with an 80-byte block header from the mining pool and simply need to search for the nonce.
The mining pool will need to verify the transactions in order to build the Merkle Tree and generate the Merkle Root for the header.
And this requires checking the entire history of each of the included users' past transactions to verify that they have enough BTC to make a payment?
The full nodes (which are also run by the mining pools) maintain a list of unspent transaction outputs (UTXO). The transactions in the block spend those outputs. So for each transaction, the node simply needs to verify that the output being spent by the transaction exists in the UTXO and that the signatures match the requirements from the UTXO. This happens as each transaction is received. The node validates the transaction the moment it is received and then adds it to it's own MemPool (list of valid unconfirmed transactions). That way, when its time to build a new block, the node can just grab transactions from the MemPool with the confidence that they've already been validated.