Senior Application Security Engineer (AppSec) - Open to remote across ANZ
Canva
This job is no longer accepting applications
See open jobs at Canva.See open jobs similar to "Senior Application Security Engineer (AppSec) - Open to remote across ANZ" General Catalyst.Melbourne VIC, Australia
Posted 6+ months ago
Join the team redefining how the world experiences design.
Hey, g'day, mabuhay, kia ora,你好, hallo, vítejte!
Thanks for stopping by. We know job hunting can be a little time consuming and you're probably keen to find out what's on offer, so we'll get straight to the point.
Where and how you can work
Our flagship campus is in Sydney. We also have a campus in Melbourne and co-working spaces in Brisbane, Perth and Adelaide. But you have choice in where and how you work. That means if you want to do your thing in the office (if you're near one), at home or a bit of both, it's up to you.
What you’d be doing in this role
As Canva scales change continues to be part of our DNA. But we like to think that's all part of the fun. So this will give you the flavour of the type of things you'll be working on when you start, but this will likely evolve.
About Application Security Engineers
At Canva, we’re all constantly striving towards our Crazy Big Goals! As the features and services of our product suite evolve, we’re setting some large and ambitious goals. We need to be able to ship robust and secure features without sacrificing speed and scale of delivery, which is where our Application Security Engineers come in.
As an Application Security Engineer, your primary objective is to safeguard Canva's products and features by proactively identifying and eliminating vulnerabilities. You play a crucial role in ensuring the security of our Community by providing guidance and support to engineering teams in identifying and resolving security issues as they arise.
About the Security Group
The Security Group is responsible for protecting Canva systems and data from information security threats. Our teams work together, and with other groups, to deliver preventive and detective controls and processes that reduce security risk.
The group runs programs across Identity and Access Management, Application Security, Risk Management, and Threat Detection and Response domains.
Role Responsibilities:
- Responsible for identifying, introducing, and enhancing robust security controls across all phases of the software development lifecycle
- Advising engineers on best practices, and developing secure patterns for Canva’s engineering practices across various domains
- Identifying, introducing, and improving security controls in all stages of the software development lifecycle
- Development and integration of systems that help identify, manage, and mitigate security risk across Canva’s threat landscape
- Develop tooling to assist engineering teams manage their security risk profiles
- Evaluating new and emerging security technologies, features, and products that make it easier to reliably build secure software
- Finding novel ways to eliminate entire bug classes across the Canva codebase
- Assisting your team in interviewing and hiring other talented security engineers
- Mentoring and supporting the growth of your colleagues in your areas of expertise
Required Experience:
- Proficient in one or more modern programming languages (Golang or Python preferred), and a proven track record of building security tooling and services
- Extensive working experience using a variety of security tools, including software composition analysis, static and dynamic security analysis, and vulnerability scanning
- Previous experience in securing cloud-based environments (AWS, Google Cloud, Azure) with a working knowledge of broad infrastructure functions - observability, site reliability etc.
- Expertise is Infrastructure as Code (IaC) principles and practices, with a track record of securely developing and deploying infrastructure (ie. Terraform)
- Working experience of supply chain security, including expertise in CI/CD pipelines, automation, and dependency management
- Experience leading projects end-to-end whilst balancing requirements from multiple partners, and mentoring Application Security Engineers
- Experience making careful engineering tradeoffs, particularly around "Build vs Buy", evaluating potential third party systems to partner with, and managing and working with vendors to meet Canva's business needs
- Excellent written and verbal communication skills; with the ability to work with a diverse range of individuals from different backgrounds, with different expertise, and with different professional and personal needs
Beneficial Experience (not required, but helpful):
- Subject-matter expertise of Amazon Web Services and associated technologies and products within the AWS ecosystem, especially security-specific services
- Experience of improving CI systems and Static Analysis
- Experience building or reviewing threat models for systems
What's in it for you?
Achieving our crazy big goals motivates us to work hard - and we do - but you'll experience lots of moments of magic, connectivity and fun woven throughout life at Canva, too. We also offer a stack of benefits to set you up for every success in and outside of work.
Here's a taste of what's on offer:
• Equity packages - we want our success to be yours too
• Inclusive parental leave policy that supports all parents & carers
• An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more
• Flexible leave options that empower you to be a force for good, take time to recharge and supports you personally
Check out lifeatcanva.com for more info.
Other stuff to know
We make hiring decisions based on your experience, skills and passion, as well as how you can enhance Canva and our culture. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.
Please note that interviews are conducted virtually.
This job is no longer accepting applications
See open jobs at Canva.See open jobs similar to "Senior Application Security Engineer (AppSec) - Open to remote across ANZ" General Catalyst.