Join our companies in their quest to drive powerful, positive, change that endures.

Senior Security Engineer - Incident Response (Open to remote across ANZ)

Canva

Canva

Sydney, NSW, Australia
Posted on Tuesday, June 25, 2024

Job Description

Join the team redefining how the world experiences design.

Hey, g'day, mabuhay, kia ora, 你好, hallo, vítejte!

Thanks for stopping by. We know job hunting can be a little time consuming and you're probably keen to find out what's on offer, so we'll get straight to the point.

Where and how you can work

Our flagship campus is in Sydney. We also have a campus in Melbourne and co-working spaces in Brisbane, Perth and Adelaide. But you have choice in where and how you work. That means if you want to do your thing in the office (if you're near one), at home or a bit of both, it's up to you.

What you’d be doing in this role

As Canva scales change continues to be part of our DNA. But we like to think that's all part of the fun. So this will give you the flavour of the type of things you'll be working on when you start, but this will likely evolve.

About the Security Group

The Security Group is responsible for protecting Canva systems and data from information security threats. Our teams work together, and with other groups, to deliver preventive and detective controls and processes that reduce security risk.

The group runs programs across Identity and Access Management, Application Security, Risk Management, and Threat Detection and Response domains.

About the role

Canva’s goal is to create the world's most trusted platform, which makes security a top priority. The Incident Response team plays a critical role in safeguarding Canva’s systems, data, and the information our users entrust to us.


The Incident Response team comprises nearly 20 responders, spread across four sub-teams (called "Pods") in the APAC and EMEA regions. We engage in both proactive and reactive activities to prevent, detect, and respond to security threats.


Right now, we are seeking a Senior Security Engineer to lead a Pod within the team, succeeding the current Pod Lead who is transitioning to a new role internally. In addition to the technical aspects of the role, you will play a pivotal part in shaping the future of our Incident Response team, coaching (managing) a small team of Security Engineers in Australia, and contributing to a culture where we work with empathy, humility, and generosity.


As a Senior Security Engineer, you will have the opportunity to collaborate with some of the brightest minds in the industry, driving initiatives that enhance Canva’s security posture and the Incident Response team’s capabilities.

Role Responsibilities:

  • Respond to and coordinate security incidents that vary in scale, impact, and complexity in a professional and empathetic manner.
  • Conduct root cause analyses, drive post incident reviews, and identify opportunities to improve processes and prevent recurrences in collaboration with other teams.
  • Coach and mentor Incident Response team members, uplifting their skills, and enabling them to achieve their individual growth and impact goals.
  • Engage with the broader Security group and other Canva engineering teams to identify and proactively mitigate security risks and issues.
  • Participate in the on-call roster for security incident response, including triaging security events and escalating events to incidents as required.
  • Ensure that all team members are equipped with the knowledge and tools they need to succeed. This includes maintaining documentation and knowledge sharing through 1:1 sessions or lunch and learns.
  • Act as an escalation point for security incidents as needed.
  • Foster a positive and productive work environment by promoting collaboration, open communication, and continuous learning and development opportunities.
  • Collaborate with other teams in the Detection and Response subgroup on initiatives related to security automation, detection engineering, threat hunting, and cyber threat intelligence.

Required Experience:

  • You have demonstrable experience in Incident Response (5 years +) or in one or more comparable technical roles with transferrable knowledge and skills, preferably with exposure to operating systems and cloud services outside the Microsoft ecosystem (e.g., AWS, GCP, macOS, Linux, etc.).
  • First and foremost, you have a curious detective mindset and are driven to solve complex problems with simple solutions.
  • You possess confident verbal and written communication skills for leading technical and non-technical conversations with influence, adapting your style to suit the situation and your audience.
  • Your list of top five favourite things includes logs and more logs.
  • You have some experience leading and mentoring team members. Providing mentorship is close to your heart, and you thrive when empowering others to be their best.
  • You are proactive and forward-thinking, anticipating future challenges and opportunities, with the ability to make sound judgment calls in the best interest of Canva, even in situations of ambiguity.

What's in it for you?

Achieving our crazy big goals motivates us to work hard - and we do - but you'll experience lots of moments of magic, connectivity and fun woven throughout life at Canva, too. We also offer a stack of benefits to set you up for every success in and outside of work.

Here's a taste of what's on offer:

-Equity packages - we want our success to be yours too
Inclusive parental leave policy that supports all parents & carers
-An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more
-Flexible leave options that empower you to be a force for good, take time to recharge and supports you personally

Check out lifeatcanva.com for more info.

Other stuff to know

We make hiring decisions based on your experience, skills and passion, as well as how you can enhance Canva and our culture. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.

Please note that interviews are conducted virtually.