Senior Corporate Security Engineer - Open To Remote Across ANZ
Posted on Tuesday, August 22, 2023
Join the team redefining how the world experiences design.
Hey, g'day, mabuhay, kia ora,你好, hallo, vítejte!
Thanks for stopping by. We know job hunting can be a little time consuming and you're probably keen to find out what's on offer, so we'll get straight to the point.
Where and how you can work
Our flagship campus is in Sydney. We also have a campus in Melbourne and co-working spaces in Brisbane, Perth and Adelaide. But you have choice in where and how you work. That means if you want to do your thing in the office (if you're near one), at home or a bit of both, it's up to you.
What you’d be doing in this role
As Canva scales change continues to be part of our DNA. But we like to think that's all part of the fun. So this will give you the flavour of the type of things you'll be working on when you start, but this will likely evolve.
About Corporate Security Engineers
At Canva, we’re all constantly striving towards our Crazy Big Goals! As our corporate environment evolves, we’re setting some large and adventurous security goals. Canva has a rich and vibrant corporate IT infrastructure, and our goal is to balance delivering a resilient and secure company, whilst maintaining the organisational needs of a high velocity business.
The Corporate Security team embraces a collaboration model, focusing on balancing the needs and wants of the broader company whilst addressing and reducing overall organisational security risk.
As a Corporate Security Engineer, it is your mission to collaborate with internal stakeholders to drive information security risk remediation efforts across all of Canva. You will also be responsible for shaping what corporate security looks like at Canva, and ensuring that Canva can securely achieve its crazy big goals.
About the Security Group
The Security Group is responsible for protecting Canva systems and data from information security threats. Our teams work together, and with other groups, to deliver preventive and detective controls and processes that reduce security risk across the business. The group runs programs across Internal Corporate Security, Identity and Access Management, Application Security, Risk Management, and Threat Detection and Response domains.
- Develop and drive organisational security controls to protect our corporate data, applications, devices, and networks against threats.
- Collaborate with IT and Engineering teams to ensure secure development and operationalisation of business services.
- Conduct vendor security assessments and provide risk remediation strategies for improvements to our vendor security landscape.
- Own relationships within internal technology teams as a security subject matter expert to allow teams to achieve their goals securely.
- Demonstrated experience in delivering security requirements in one or more of the following areas: Zero Trust concepts, endpoint security hardening, mobile device management, endpoint vulnerability management and/or saas application hardening.
- Proven ability to threat model complex systems, identify security risks, develop mitigation strategies with engineering teams, and see it through to delivery.
- Strong proficiency in one or more programming/scripting languages, with the ability to mentor others on best practices in at least one language: Python, Golang, Java.
- Experience performing security evaluations of third-party solutions
- Proven experience working with external stakeholder teams such as IT and Procurement to deliver secure SaaS solutions.
Beneficial Experience (not required, but helpful):
- Delivery of large-scale projects end-to-end including design, implementation, and managing multiple stakeholders across different parts of the business.
- Familiarity with infrastructure as code (e.g Terraform).
- Experience working with identity management technologies (MFA, SAML, WebAuthn, Okta)
- Understanding of common compliance frameworks like SOC2, ISO27001, GDPR etc.
What's in it for you?
Achieving our crazy big goals motivates us to work hard - and we do - but you'll experience lots of moments of magic, connectivity and fun woven throughout life at Canva, too. We also offer a stack of benefits to set you up for every success in and outside of work.
Here's a taste of what's on offer:
• Equity packages - we want our success to be yours too
• Inclusive parental leave policy that supports all parents & carers
• An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more
• Flexible leave options that empower you to be a force for good, take time to recharge and supports you personally
Check out lifeatcanva.com for more info.
Other stuff to know
We make hiring decisions based on your experience, skills and passion, as well as how you can enhance Canva and our culture. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.
Please note that interviews are conducted virtually.