Engineering

Security Engineer - Application Security (AppSec)

Sydney – Full-time

At Canva, we’re transforming the way the world designs by building a suite of easy-to-use design tools (for graphics, animation, video, and print) in over 100 languages, and across browser-based and mobile platforms. 

Since our launch in April 2013, we have grown exponentially, amassing over 55 million users in over 100 languages. We are the most valuable private technology company in Australia, and one of the world’s fastest-growing technology companies. We’re a values-driven organization with an engineering mindset for all the work we do. With profitability, a recent valuation of USD $15bn, and an incredible talent base - we’re even more driven to continue building out a captivating design experience for users all over the world. We’re cementing the foundation for the future growth, stability, and safety of our business and users alike as we expand our global footprint with new offices in the United States.

In order to ensure we continue to protect our users and our organization, we’re reinforcing our security capability across the board and growing our application security team as well as other security teams.  We’re seeking talented individuals who will be responsible for shaping what security engineering looks like at Canva and building out capability for threat modeling, design reviews, building secure code libraries, and advising our development teams on how to bake security into our products and features. 

The application security team's mission is to find and fix vulnerabilities at scale. A big part of your future is the ability to reason through vulnerabilities, discover them, and eliminate them. We aim to use the best tools available (or build new ones) to eliminate entire bug classes and protect Canva services.

This position is vital to ensuring the ongoing security of the Canva service and will be instrumental in working with Canva engineering teams to build and operate robust and secure software and systems. This is a great opportunity to be on the leading edge of cloud-based software security and simultaneously gain intimate knowledge of large-scale SaaS products and services. 

Responsibilities

  • Introduce and improve security controls in all stages of the software development lifecycle.
  • Design and develop tools, libraries, and services to support Canva engineers in building secure software.
  • Influence and advise engineering teams in how to design, develop, and operate Canva services.
  • Manage bug bounty and penetration testing programs.
  • Work closely with the Detection and Response team on root cause analysis for security incidents and respond to them quickly.
  • Evaluate new and emerging security technologies, features, and products.
  • Reverse vulnerabilities into detections, find them across the entire codebase and work with teams to fix them.

Required Experience

  • Experience with a modern programming language (Golang, Python, or Java preferred)
  • Experience with cloud platforms (AWS preferred, but GCP or Azure are also acceptable!)
  • Knowledge of common web-based vulnerabilities and appropriate mitigations (OWASP Top 10)
  • Knowledge of web application security best practices.

Beneficial Experience

  • Contributions to the security community (public research, blogging, presentations, etc.)
  • Experience building or reviewing threat models
  • Knowledge of identity and authorization standards like OAuth, OpenID Connect, SAML
  • Familiarity with cryptographic protocols and practical applications
  • Hands-on experience with API design and implementation
  • Hands-on experience with security tools such as software composition analysis, static analysis, etc.
  • Familiarity with infrastructure as code (e.g. Terraform)

Perks and Benefits

  • Competitive salary, plus stock options via our ESOP plan
  • Flexible daily working hours, we value work-life balance
  • Breakfast and lunch prepared by our wonderful Vibe team
  • Onsite-Gym and Yoga Membership
  • End-of-Trip Facilities: Bicycle parking and showers
  • Generous parental (including secondary) leave policy
  • Pet-friendly offices
  • Internal Coaching and an Employee Wellness Program
  • Sponsored social clubs, team events, and celebrations
  • Relocation budget for interstate individuals

This role is open to remote applications from folks who reside within Australia.

The Canva workspace is set up for you to do your best work and have a great time doing so, with breakout areas, little nooks, and quiet places to retreat.

If you're seeking professional growth and enjoy working on a product suite that impacts millions of lives every single day - individual and business folks alike - then apply now to be considered for a spot on the team!

We will not under any circumstances be accepting any CVs or resumes from recruitment agencies.