Join the team redefining how the world experiences design.
Hey, hello, hiya, g'day, mabuhay, kia ora, 你好, hallo, vítejte!
Thanks for stopping by. We know job hunting can be a little time consuming, and you're probably keen to find out what's on offer, so we'll get straight to the point.
Where and how you can work
Our flagship campus is in Sydney. We also have a campus in Melbourne and co-working spaces in Brisbane, Perth and Adelaide. But you have choice in where and how you work. That means if you want to do your thing in the office (if you're near one), at home or a bit of both, it's up to you.
What you'd be doing in this role
As Canva scales, change continues to be part of our DNA. But we like to think that's all part of the fun. So this will give you the flavour of the type of things you'll be working on when you start, but this will likely evolve.
As a Senior Threat Detection Engineer, you will be a technical expert delivering high-impact security engineering solutions across our detection and platform engineering service streams. You will design and implement enterprise-grade detection capabilities, automate security workflows and enhance our security platform infrastructure. Your work will directly strengthen Canva's security posture by enabling faster threat detection, reducing analyst toil through automation and scaling our security operations capabilities.
This role requires balancing security effectiveness with operational efficiency. You will leverage automation, infrastructure-as-code and cloud-native technologies to deliver scalable, resilient security solutions while maintaining the operational excellence of production security are not looking for someone who checks every single box - we're looking for lifelong learners and people who can make us better with their unique experiences.
- Lead detection engineering initiatives end-to-end, from threat research and design documentation through implementation, testing and production deployment, developing high-fidelity detection logic covering threat vectors of interest to Canva.
- Participate in rotations and on-call schedules to support incident response and alert triage activities.
- Partner with Application Security, CTI and Red Team to conduct threat modelling, translate threat intelligence into actionable detections and validate detection effectiveness through threat simulation scenarios.
- Implement detection-as-code practices using version control, CI/CD pipelines and automated testing frameworks to enable scalable, version-controlled detection deployment.
- Design and build sophisticated SOAR workflows that automate detection, triage, investigation and response activities, developing custom integrations with security tools and cloud platforms.
- Create automation and enrichment pipelines that reduce manual context-switching and cognitive load for analysts, improving mean-time-to-detect, analyse and respond to security events.
- Architect and maintain security platform infrastructure supporting detection, investigation and response capabilities using infrastructure-as-code (Terraform/Ansible), and establish service-level objectives for platform services.
- Establish monitoring and alerting for platform health, detection coverage and operational metrics to ensure reliability and visibility.
- Collaborate across security and engineering teams, including D&R Operations, DFIR, Application Security and cloud infrastructure teams, to define and integrate telemetry requirements, deploy security sensors and ensure comprehensive visibility.
- Provide technical consultation and mentorship, advising stakeholders on detection strategy, automation capabilities and platform limitations while developing junior engineers in detection engineering and platform operations.
You're probably a match if you have
- 5 years of hands-on experience in security engineering, threat hunting, detection engineering or security operations (SOC), with proven ability to design and implement detection capabilities at scale.
- Experience in SOC and alert triage.
- Proven track record in threat hunting or designing, implementing and tuning detection logic for enterprise security platforms (SIEM, EDR, SOAR).
- Experience with detection engineering lifecycle: threat research, detection development (KQL, SPL, ESQL, SQL-style languages), testing, deployment, tuning and lifecycle management.
- Proficient in at least one programming language (Python or Go preferred) for automation development and custom tool creation.
- Hands-on experience with enterprise security platforms including: SIEM platforms (Elastic Security, Splunk or similar), EDR solutions (SentinelOne, CrowdStrike, Microsoft Defender or similar), SOAR platforms (Tines, Splunk SOAR, Cortex XSOAR or similar).
- Experience building SOAR workflows or automation playbooks (with or without code).
- Infrastructure-as-code experience using Terraform/Ansible or similar tools to deploy and manage security infrastructure.
- Hands-on experience with cloud platforms (AWS, GCP or Azure).
- Understanding of CI/CD pipelines and DevOps practices applied to security engineering workflows.
- Understanding of containerisation, Kubernetes and cloud-native application architectures from a security perspective.
- Knowledge of networking concepts, protocols and security controls relevant to detection and monitoring.
Beneficial Experience (not required but helpful)
- Background in Threat Hunting, Threat Intelligence, DFIR.
- Experience with advanced detection techniques: behavioural analytics, anomaly detection, machine learning-based detection and GenAI workflows.
- Knowledge of big data analytic platforms and query optimisation.
- Prior experience building or operating Detection Engineering programs or Security Operations Centres.
- Contributing to open-source security tools or publishing detection engineering research.
About the team
The Detection & Response (D&R) organisation is responsible for protecting Canva from security threats through proactive detection engineering, incident response and security platform operations. We operate at the intersection of security engineering and security operations, building and maintaining the detection capabilities, automation workflows and security infrastructure that enable Canva to identify and respond to threats at scale.
About DETA (Detection Engineering Tooling & Automation)
DETA provides specialised security engineering services across three distinct service streams:
- Detection Engineering: Threat detection development, MITRE ATT&CK coverage, detection-as-code practices, alert optimisation, false positive reduction, detection lifecycle management
- Automation Engineering: SOAR workflows, GenAI enrichment automation, incident response orchestration
- Platform Engineering: SIEM/EDR/SOAR platform operations, infrastructure optimisation, observability (log source integration, security telemetry standards, data pipeline support)
What's in it for you
Achieving our crazy big goals motivates us to work hard - and we do - but you'll experience lots of moments of magic, connectivity and fun woven throughout life at Canva too. We also offer a stack of benefits to set you up for every success in and outside of work.
Here's a taste of what's on offer:
Equity packages - we want our success to be yours too
Inclusive parental leave policy that supports all parents & carers
An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more
Flexible leave options that empower you to be a force for good, take time to recharge and support you personally
Check out for more info.
Other stuff to know
We see AI as a powerful amplifier of creativity and technology at Canva. We're evolving how we assess AI skills in our Technology hiring experience - you'll tackle interactive, real-time challenges that reflect the kind of work we some interviews you may also be asked to solve a problem using an AI tool to show how you approach challenges with tech by your side. Your recruitment partner will walk you through what to expect.
We make hiring decisions based on your experience, skills and passion, as well as how you can enhance Canva and our culture. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.
Please note that interviews are conducted virtually.
Remote Work: Yes
Employment Type: Full-time