Engineering

Security Engineer - Incident Response

Sydney – Full-time

We’re constantly working towards making Canva the best place to work, for everyone. We believe deeply that bringing together diversity of thoughts, perspectives and expression is key for building the best product for our equally diverse community all around the world. We celebrate uniqueness and whatever makes you, you and encourage everyone who wants to help us transform the way the world designs, to join us on this journey. We value all different types of experiences. If you don’t think you quite meet all of the qualifications, we’d still love to hear from you.  

About Us

At Canva, our mission is to democratise design and empower creativity for anyone and everyone, on every platform. Inspired by a team of talented thinkers, an amazing culture and a remarkable growth trajectory – we’re out to change the world, one design at a time. 

Since launch in August 2013, we have grown exponentially, amassing over 60 million monthly active users across 190 different countries who have created more than 6 Billion designs. We are one of the world’s fastest-growing technology companies and we have only achieved about 1% of what we want to do.

In order to ensure we continue to protect our users and our organization, we’re reinforcing our security capability across the board and growing our incident response and core security engineering teams.  We’re seeking talented individuals who will be responsible for shaping what security engineering looks like at Canva by building out our capability for detecting and responding to threats targeting our software and systems, performing security assessments, building the tooling to detect and respond to threats, and advising our development teams on how to bake security into our products and features.

Role Responsibilities

  • Actively respond to security events from detection through to resolution, including the rollout of solutions and mitigations to prevent a recurrence
  • Actively monitor Canva’s internal and production systems for possible attacks and intrusions
  • Proactively run threat detection exercises and search for anomalous behavior
  • Build out and develop the tools and foundations for security incident alerting, management, communication, and response
  • Maintain incident response documentation, participate in retros, and contribute to incident reports
  • Participate in the on-call roster for security incident response
  • Assist in the promotion of a security mindset and the establishment of best practices across a wide range of security areas: secure development, cryptography, network security, security operations, and incident response
  • Identify trends, research, new technologies, and emerging threats models, which may impact the business
  • Contribute to projects that enhance the security positioning of the business

Role Requirements

  • First and foremost, have a curious detective mindset and be driven to solve ambiguous problems with simple solutions
  • Knowledge of web protocols, common attacks, and deep knowledge of Linux/Unix tools and architecture
  • Exposure to the cloud!  Ideally AWS, but GCP or Azure would be completely fine!
  • Documentation, communication, and stakeholder management skills; the ability to work alongside technical and non-technical colleagues
  • The ability to prioritize multiple tasks and projects in a dynamic environment
  • High-level familiarity with a  modern programming or scripting language (Python, Java, Golang, etc.)
  • Previous experience in Security - Engineering, Operations, Incident Response, Analysis, or Threat Research is a bonus, but not a hard requirement
  • Prior commercial experience in a Systems or Software Engineering role is also a bonus, but not a requirement

Benefits

  • Competitive salary, plus stock options via our ESOP plan
  • Flexible daily working hours, we value work-life balance
  • Breakfast and lunch prepared by our wonderful Vibe team
  • Onsite-Gym and Yoga Membership
  • End-of-Trip Facilities: Bicycle parking and showers
  • Generous parental (including secondary) leave policy
  • Pet-friendly offices
  • Internal Coaching and an Employee Wellness Program
  • Sponsored social clubs, team events, and celebrations
  • Relocation budget for interstate individuals to move to Sydney

This role is open to remote applications from folks who reside within Australia and do not require sponsorship.

We will not review or consider unsolicited agency CVs.

We make hiring decisions based on your experience, skills and passion. If you’re keen to apply and need reasonable adjustments or would like to note which pronouns you use at any point in the application or interview process, please let us know.