About This Opportunity

Canva is one of the world's most widely used visual communication platforms, serving more than 150 million active users across 190 countries and valued at over $26 billion USD. What began as a browser-based design tool has grown into a global SaaS platform used by enterprises, educators, non-profits, and individuals for everything from marketing campaigns to data presentations — processing and storing sensitive content for millions of users every day.

Protecting that platform at global scale — across AWS and GCP environments, with a cloud-native infrastructure built for hyper-growth — is a security engineering challenge of genuine complexity. The Senior Security Engineer, Incident Response role sits at the centre of Canva's security operations: leading incident response, building detection-as-code capabilities, and developing the automation and playbooks that allow Canva's security team to stay ahead of an evolving threat landscape.

This is a role for a security engineer who codes — someone who treats detection rules and response automation as software engineering products, and who can simultaneously manage a high-severity incident and design the tooling that prevents the next one.

What You’d Be Doing In This Role

As Canva scales change continues to be part of our DNA. But we like to think that's all part of the fun. So, this will give you the flavor of the type of things you'll be working on when you start, but this will likely evolve.

At The Moment, This Role Is Focused On

Leading incident response coordination and acting as escalation point for security incidents across Canva's cloud-native infrastructure, including participation in the on-call roster

Monitoring and investigating security threats across AWS, GCP, and hybrid environments, proactively hunting for anomalous behavior and potential intrusions

Building and maintaining detection rules, automation workflows, and response playbooks using detection-as-code methodologies

Developing tools and solutions for security incident alerting, management, and communication that prevent incident recurrence

Maintaining comprehensive incident response documentation, lead post-incident reviews, and produce detailed incident reports

Championing security best practices across secure development, network security, and security operations

You're probably a match if

You have demonstrable experience in incident response, security operations, and coordinating security events from detection through resolution

You possess strong knowledge of cloud security architectures, attack techniques, and hands-on experience with cloud providers (AWS, GCP, or Azure)

You've worked extensively with endpoint detection and response (EDR) platforms for investigations, analysis, and response actions

You have an investigative mindset with ability to leverage OSINT techniques and solve ambiguous security problems with elegant solutions

You excel at documentation, communication, and stakeholder management while effectively prioritizing multiple tasks in a dynamic, fast-paced environment

You understand the role of security within the organization and apply risk-based decision making to security operations

You're comfortable working with Linux, macOS, and modern security tooling

Applying for This Role

• Dual cloud platform experience is required: AWS and GCP are both explicitly named. Applicants strong in one but weak in the other should invest time bridging the gap before applying — Canva's infrastructure spans both.
• Detection-as-code is a core competency: Prepare examples of detection rules you have written (Sigma, YARA, custom pipelines), automation workflows you have built, and the threats they were designed to catch.
• On-call experience should be discussed honestly: The role includes on-call responsibilities. Be prepared to discuss how you manage high-severity incident response under pressure, including communication to stakeholders and post-incident review processes.
• Technical interview rigour: Canva's security engineering interviews are technically demanding. Review incident response methodology, cloud attack techniques (MITRE ATT&CK for Cloud), and OSINT investigation approaches before your interview rounds.

Beneficial Experience (not Required, But Helpful)

Background in forensic acquisition and analysis, including maintaining chain of custody

Incident response in containerized and Kubernetes environments

Ability to perform static and dynamic malware analysis

Proficiency in scripting and programming languages (Python, Go, or similar)

Experience with security automation platforms and SOAR tools

Familiarity with detection-as-code practices and version control workflows

Knowledge of MITRE ATT&CK framework and threat intelligence platforms

Achieving our crazy big goals motivates us to work hard - and we do - but you'll experience lots of moments of magic, connectivity and fun woven throughout life at Canva, too. We also offer a range of benefits to set you up for every success in and outside of work.

Here's a Taste Of What's On Offer

Equity packages - we want our success to be yours too

Inclusive parental leave policy that supports all parents & carers

An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more

Flexible leave options that empower you to be a force for good, take time to recharge and supports you personally