About the Security Group / Team
Canva's goal is to create the world's most trusted platform, which makes security a top priority. As our product, platforms, infrastructure, and corporate environments grow and evolve, so too does our need to respond to an ever-increasing threat landscape.
The Security Group is responsible for protecting Canva systems and data from information security threats. Our teams work together and with other groups to deliver preventive and detective controls and processes that reduce security risk. The group runs programs across Identity and Access Management, Application Security, Risk Management, and Threat Detection and Response domains.
The Red Team focuses on emulating adversaries and testing Canva's ability to detect and respond to them. We're constantly identifying new and innovative attack techniques, reviewing the latest industry trends, and mapping out credible attack scenarios to run against Canva.
As a Red Team Security Engineer, your mission is to work together with Threat Intelligence, Detection & Response, and Application Security teams to ensure that Canva is prepared and able to effectively respond to these real-world threats.
At the moment this role is focused on:
- Planning, designing, and executing sophisticated threat scenarios that emulate realistic adversary techniques to identify vulnerabilities and response gaps in Canva's product, platform, and infrastructure.
- Researching viable attack paths and demonstrating how the risks may apply to Canva through stealth operations and collaborative purple team engagements.
- Collaborating closely with security incident responders to continuously uplift Canva's threat detection and response capabilities.
- Engaging with cross-functional teams across Canva to communicate risks, provide recommendations, and develop effective risk mitigation strategies for enhancing security posture.
- Providing technical guidance, mentoring, and support to engineers conducting security assessments and vulnerability analysis.
- Communicating and presenting operational outcomes at various levels of the business, including internal teams and the wider engineering organisation, as well as product owners and leadership.
You're probably a match if you have
- Demonstrated experience as an offensive security engineer and performing team engagements from reconnaissance through to actioning on objectives.
- Ability to effectively communicate operational findings, risk ratings, and recommendations to technical and non-technical stakeholders; build rapport with engineering and security teams to drive post-engagement outcomes.
- Practical experience with offensive security tools and techniques and how they can be applied within a complex business environment; experience operating offensive tooling and infrastructure (e.g. C2 frameworks, short haul vs. long haul infrastructure).
- Continuous development of knowledge around current and emerging security threats and how those threats could impact Canva.
- Experience exploiting macOS and Linux endpoints as well as corporate SaaS environments.
- Solid foundational understanding of cloud infrastructure platforms (e.g. AWS, GCP).
- Software development experience with proficiency in either Golang or Python.
What's in it for you
Achieving our crazy big goals motivates us to work hard - and we do - but you'll experience lots of moments of magic, connectivity, and fun woven throughout life at Canva too. We also offer a stack of benefits to set you up for every success in and outside of work.
Here's a taste of what's on offer:
- Equity packages - we want our success to be yours too
- An inclusive parental leave policy that supports all parents & carers
- An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more
- Flexible leave options that empower you to be a force for good, take time to recharge, and support you personally
Check out for more info.
Other stuff to know
We make hiring decisions based on your experience, skills, and passion, as well as how you can enhance Canva and our culture. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.
Please note that interviews are conducted virtually.
Remote Work: Yes
Employment Type: Full-time