Engineering

Security Engineer - Identity & Access

Sydney – Full-time

We’re constantly working towards making Canva the best place to work, for everyone. We believe deeply that bringing together diversity of thoughts, perspectives and expression is key for building the best product for our equally diverse community all around the world. We celebrate uniqueness and whatever makes you, you and encourage everyone who wants to help us transform the way the world designs, to join us on this journey. We value all different types of experiences. If you don’t think you quite meet all of the qualifications, we’d still love to hear from you.  

About Us

At Canva, our mission is to democratise design and empower creativity for anyone and everyone, on every platform. Inspired by a team of talented thinkers, an amazing culture and a remarkable growth trajectory – we’re out to change the world, one design at a time. 

Since launch in August 2013, we have grown exponentially, amassing over 60 million monthly active users across 190 different countries who have created more than 6 Billion designs. We are one of the world’s fastest-growing technology companies and we have only achieved about 1% of what we want to do.

In order to ensure we continue to protect our customers and our organization, we’re reinforcing our security capability across the board and growing our identity and access engineering team. We are seeking talented individuals who will be responsible for shaping what security engineering looks like at Canva by implementing state of the art zero-trust architectural patterns across Canva’s network and endpoints, define dynamic access patterns and privilege levels for IAAS and SAAS products, and provide consulting and expertise across the organization.

Responsibilities

  • Define and implement zero-trust policies and architectural patterns across Canva endpoints.
  • Investigate and build access flows for cloud providers such as Amazon Web Services, Google Cloud Platform, and Alibaba Cloud.
  • Build mechanisms to audit privilege and access across a large number of SAAS and IAAS providers.
  • Implement solutions at the networking layer to assure the privacy and security of Canva employees.
  • Architect internal service access patterns and solutions for directory management at scale.
  • Evaluate new and emerging security technologies, features, and products.
  • Provide consulting and expertise to the wider organization around industry best practices and Authentication and Authorization principles.
  • Work on techniques to reduce developer friction while assuring a baseline of security controls are met.

Required Experience

  • Strong understanding of identity fundamentals and AAA industry standards.
  • Familiarity with Amazon Web Services and the security offerings and controls that they provide.
  • Extensive knowledge and experience within one or more back-end programming languages.
  • A foundational understanding of cryptographic principles and assurances provided by symmetric and asymmetric cryptography.

Beneficial Experience (Not Required, but Helpful)

  • Experience working with the Go programming language and associated tooling.
  • Understanding of RBAC, ABAC, PBAC, and ACL access management approaches.
  • A foundational understanding of Unix-based operating systems and POSIX standards.
  • Familiarity with database models and use-cases for different storage types.
  • Knowledge of common identity and access pitfalls and exploitation techniques.
  • Experience working with CI/CD systems and defining integration pipelines.
  • Hands-on experience with API design and implementation.
  • The ability to work in a fast-paced environment and independently design and develop architectural and engineering solutions.

Perks and Benefits

  • Competitive salary, plus stock options via our ESOP plan
  • Flexible daily working hours, we value work-life balance
  • Breakfast and lunch prepared by our wonderful Vibe team
  • Onsite-Gym and Yoga Membership
  • End-of-Trip Facilities: Bicycle parking and showers
  • Generous parental (including secondary) leave policy
  • Pet-friendly offices
  • Internal Coaching and an Employee Wellness Program
  • Sponsored social clubs, team events, and celebrations
  • Relocation budget for interstate individuals

This role is open to remote applications from folks who reside within Australia and do not require visa sponsorship.

We will not under any circumstances be accepting any CVs or resumes from recruitment agencies.

We make hiring decisions based on your experience, skills and passion. If you’re keen to apply and need reasonable adjustments or would like to note which pronouns you use at any point in the application or interview process, please let us know.