Senior Security Engineer - Platform Security

Job Description

Join the team redefining how the world experiences design.

Hey, g'day, mabuhay, kia ora, 你好, hallo, vítejte!

Thanks for stopping by. We know job hunting can be a little time consuming and you're probably keen to find out what's on offer, so we'll get straight to the point.

Where and how you can work

Our flagship Sydney campus is uniquely Canva - an extension of our Surry Hills neighbourhood. It’s a thoughtfully designed space with plenty of room to collaborate, focus, and connect.

This role is based in Sydney, and we’re looking for someone who calls it home. Our hybrid way of working gives you the flexibility to work remotely, and to come together on campus for meaningful in-person collaboration and connection when it matters most. We trust our Canvanauts to choose the balance that empowers them and their team to achieve their goals.
 

What you’d be doing in this role

As Canva scales change continues to be part of our DNA. But we like to think that's all part of the fun. So this will give you the flavour of the type of things you'll be working on when you start, but this will likely evolve.

At the moment, this role is focused on:

• Identifying, introducing, and improving security controls across Canva's compute, platform engineering, and cloud infrastructure disciplines.

• Advising infrastructure engineers on cloud platform security best practices and design patterns.

• Leading threat modelling code review exercises for new and complex architectures and features.

• Designing and developing tools, libraries, and services that support Canva engineers in building secure software.

• Evaluating new and emerging security technologies that make it easier to reliably maintain platform and infrastructure security.

• Discovering and triaging vulnerabilities across Canva's threat landscape.

• Assisting your team in interviewing and hiring other talented security engineers.

• Mentoring and supporting the growth of your colleagues in your areas of expertise.

You're probably a match if

• You have experience conducting infrastructure-focused security design reviews and assessments, including risk assessments and threat modelling.

• You have partnered with engineering teams to identify, audit, and remediate security issues across the DevOps ecosystem, including continuous integration, continuous delivery, infrastructure as code, and orchestration platforms.

• You bring deep expertise in securing cloud environments such as AWS and Google Cloud, along with a strong understanding of infrastructure domains including observability and site reliability.

• You are proficient in one or more modern programming languages, with experience in Go, Python, or Java highly regarded.

• You have successfully led security initiatives end-to-end, balancing the needs of multiple stakeholders while mentoring and supporting the growth of security engineers.

• You are an excellent communicator who can effectively engage with people from a wide range of backgrounds, technical disciplines, and experience levels.

Nice to have

• You have experience building and deploying security tooling to support containerised workloads.

• You are proficient with infrastructure and orchestration technologies such as Terraform, Docker, and Kubernetes, as well as CI/CD platforms including Buildkite, Jenkins, and ArgoCD, or equivalent technologies.

• You have a strong understanding of secrets management platforms and best-practice patterns for managing secrets in orchestrated environments.

About the team

The Security Group is responsible for protecting Canva systems and data from information security threats. The group runs programmes across Application Security, Risk Management, Enterprise Security, and Threat Detection and Response domains. Our teams work together, and with other groups, to deliver preventive and detective controls and processes that reduce security risk.

This role resides within Application Security as a Subject Matter Expert to help Canva secure the platform upon which it operates, using artefacts produced from threat modelling, code review, and investigative work to inform secure decisions. You'll develop strong advisory and consulting relationships with Canva's platform engineering teams, offering subject matter expertise, deep knowledge, and dedicated hands-on support to enable secure platform and infrastructure. You are responsible for shaping what security engineering looks like at Canva and continuously improving how we secure our Platform as a Service.

What's in it for you?

Achieving our crazy big goals motivates us to work hard - and we do - but you'll experience lots of moments of magic, connectivity and fun woven throughout life at Canva, too. We also offer a range of benefits to set you up for every success in and outside of work.

Here's a taste of what's on offer:

• Equity packages - we want our success to be yours too

• Inclusive parental leave policy that supports all parents & carers

• An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more

• Flexible leave options that empower you to be a force for good, take time to recharge and supports you personally

Check out lifeatcanva.com for more info.

Other stuff to know

We see AI as a powerful amplifier of creativity and technology at Canva. We’re evolving how we assess AI skills in our Technology hiring experience - you’ll tackle interactive, real-time challenges that reflect the kind of work we do. In some interviews, you may also be asked to solve a problem using an AI tool to show how you approach challenges with tech by your side. Your recruitment partner will walk you through what to expect.

We make hiring decisions based on your experience, skills and passion, as well as how you can enhance Canva and our culture. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.

We celebrate all types of skills and backgrounds at Canva so even if you don’t feel like your skills quite match what’s listed above - we still want to hear from you!

Please note that interviews are conducted virtually.