Engineering

Principal Application Security Engineer - Open To Remote Across ANZ

Sydney, New South Wales, Australia – Full-time

Canva’s Commitment and Mission

At Canva, we celebrate diversity. We deeply believe that bringing together diversity of thoughts, perspectives and expression is key to building the best product, team and company. We look for many different skills and abilities, as well as how you can enhance Canva and our culture. So, even if you don’t think you quite meet all of the skills listed or tick all the boxes, we’d still love to hear from you! 

Our mission at Canva is to empower the world to design. Since launching in 2013, we have grown exponentially, amassing over 86 million monthly active users across 190 different countries and a team of over 3,000 people… and the best bit is that we’ve only achieved 1% of what we know we’re capable of.

Join us and design your future.

About Application Security Engineers

At Canva, we’re all constantly striving towards our Crazy Big Goals! As the features and services of our product suite evolve, we’re setting some large and ambitious goals. We need to be able to ship robust and secure features without sacrificing speed and scale of delivery, which is where our Application Security Engineers come in.

As an Application Security Engineer, it is your mission to make delivering secure products and features the easiest path for software engineers to follow. You are responsible for crafting what security engineering looks like at Canva, and continuously improving how the entire company delivers secure products to our Community throughout the product delivery process.

About the Security Group

The Security Group is responsible for protecting Canva systems and data from information security threats. Our teams work together, and with other groups, to deliver preventive and detective controls and processes that reduce security risk.

The group runs programs across Identity and Access Management, Application Security, Risk Management, and Threat Detection and Response domains.

What you'll be doing!

  • Identifying, introducing, and improving security controls in all stages of the software development lifecycle
  • Making application security best practices and design patterns the secure defaults for all software engineers
  • Leading threat modelling exercises for new and sophisticated products and features
  • Crafting and developing tools, libraries and services that support Canva engineers in building secure software
  • Evaluating new and emerging security technologies, features, and products that make it easier to optimally build secure software
  • Discovering and remediating vulnerabilities across Canva’s threat landscape
  • Finding novel ways to eliminate entire bug classes across Canva
  • Assisting your team in interviewing and hiring other talented security engineers
  • Mentoring and supporting the growth of your colleagues in your areas of expertise

Required experience:

  • Previous experience working with engineering teams to detect and remediate vulnerabilities as early as possible in the Software Development Life Cycle (“shift left”), including experience building and reviewing threat models for systems
  • A track record of effectively collaborating across multiple groups to deliver sophisticated technical security solutions, whilst mentoring other Application Security Engineers
  • Proficient with one or more modern programming languages (Golang, Python or Java preferred)
  • Able to balance security and efficiency, whilst optimally mitigating risk
  • Deep technical knowledge in one or more areas of application security, and a growth mindset towards learning new and emerging areas
  • Working knowledge of identity and authorization standards like OAuth, OpenID Connect, SAML
  • Hands-on experience with Vulnerability Management pipelines and mitigation of vulnerability classes at scale
  • Excellent written and verbal communication skills, with the ability to work with a diverse range of Canvanauts from different backgrounds, with different expertise, and with different professional and personal needs

Beneficial Experience (not required, but helpful)

  • Subject-matter expertise of Amazon Web Services and associated technologies and products within the AWS ecosystem, especially IAM and security-specific services
  • Familiarity with infrastructure as code (e.g. Terraform)


Working at Canva 

Our culture is unlike anywhere else and we design your #CanvaLife experience to empower you to do the best work of your life.  

Whether you’re in the office, working from home or choosing your own adventure, our benefits for permanent Canvanauts include: 

Equity packages for you to truly be a part of the Canva journey. 

We have a hybrid work model (in-office & from home), with our offices always open to you, balancing flexibility and connection.

Flexible leave so you can recharge, give back, support others or focus on your own professional development.

Inclusive parental leave policy that supports all parents and carers throughout their parenting and caring journey.

An annual Vibe & Thrive allowance. This is for you to spend on whatever will support your wellbeing and development, because you know what you need to Vibe and Thrive better than anyone.

Virtual and in-office wellness benefits including Canva University, Employee Assistance Programs and Fitness & Meditation Classes.

Canva For Good program matching your not-for-profit donations, Force for Good leave (3 paid volunteering days) and a range of sustainability and ethical initiatives to get involved in.   

We make hiring decisions based on your experience, skills and passion. Please note that interviews are conducted virtually. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.