Security Engineer - Incident Response

Sydney – Full-time

At Canva, we’re transforming the way the world designs by building a suite of easy-to-use design tools (for graphics, animation, video, and print) in over 100 languages, and across browser-based and mobile platforms.  

Since launch in April 2013, we have grown exponentially, amassing over 55 million users in over 100 languages.  We are the most valuable technology company in Australia, and one of the world’s fastest-growing technology companies in the world.  We’re a values-driven organization with an engineering mindset to all the work we do.  With profitability, a recent valuation of USD $15bn, and an incredible talent base - we’re even more driven to continue building out a captivating design experience for users all over the world.  We’re cementing the foundation for the future growth, stability, and safety of our business and users alike as we expand our global footprint with new offices in the United States.

In order to ensure we continue to protect our users and our organization, we’re reinforcing our security capability across the board and growing our incident response and core security engineering teams.  We’re seeking talented individuals who will be responsible for shaping what security engineering looks like at Canva by building out our capability for detecting and responding to threats targeting our software and systems, performing security assessments, building the tooling to detect and respond to threats, and advising our development teams on how to bake security into our products and features.

Role Responsibilities

  • Actively respond to security events from detection through to resolution, including the rollout of solutions and mitigations to prevent a recurrence
  • Actively monitor Canva’s internal and production systems for possible attacks and intrusions
  • Proactively run threat detection exercises and search for anomalous behavior
  • Build out and develop the tools and foundations for security incident alerting, management, communication, and response
  • Maintain incident response documentation, participate in retros, and contribute to incident reports
  • Participate in the on-call roster for security incident response
  • Assist in the promotion of a security mindset and the establishment of best practices across a wide range of security areas: secure development, cryptography, network security, security operations, and incident response
  • Identify trends, research, new technologies, and emerging threats models, which may impact the business
  • Contribute to projects that enhance the security positioning of the business

Role Requirements

  • First and foremost, have a curious detective mindset and be driven to solve ambiguous problems with simple solutions
  • Knowledge of web protocols, common attacks, and deep knowledge of Linux/Unix tools and architecture
  • Exposure to the cloud!  Ideally AWS, but GCP or Azure would be completely fine!
  • Documentation, communication, and stakeholder management skills; the ability to work alongside technical and non-technical colleagues
  • The ability to prioritize multiple tasks and projects in a dynamic environment
  • High-level familiarity with a  modern programming or scripting language (Python, Java, Golang, etc.)
  • Previous experience in Security - Engineering, Operations, Incident Response, Analysis, or Threat Research is a bonus, but not a hard requirement
  • Prior commercial experience in a Systems or Software Engineering role is also a bonus, but not a requirement


  • Competitive salary, plus stock options via our ESOP plan
  • Flexible daily working hours, we value work-life balance
  • Breakfast and lunch prepared by our wonderful Vibe team
  • Onsite-Gym and Yoga Membership
  • End-of-Trip Facilities: Bicycle parking and showers
  • Generous parental (including secondary) leave policy
  • Pet-friendly offices
  • Internal Coaching and an Employee Wellness Program
  • Sponsored social clubs, team events, and celebrations
  • Relocation budget for interstate individuals to move to Sydney

This role is open to remote applications from folks who reside within Australia and do not require sponsorship.

The Canva workspace is set up for you to do your best work and have a great time doing so, with breakout areas, little nooks, and quiet places to retreat.

If you're seeking professional growth and enjoy working on a product suite that impacts millions of lives every single day - individual and business folks alike - then apply now to be considered for a spot on the team!

We will not review or consider unsolicited agency CVs.