Security Engineer - Red Team (Open to remote across ANZ)

About the Security Group / Team

Canva’s goal is to create the world's most trusted platform, making security a top priority. As our product, platforms, infrastructure, and corporate environments grow, so does our need to respond to an increasing threat landscape.

The Security Group is responsible for protecting Canva systems and data from information security threats. Our teams implement preventive and detective controls across domains such as Identity and Access Management, Application Security, Risk Management, and Threat Detection and Response.

The Red Team emulates adversaries to test Canva’s detection and response capabilities. We identify new attack techniques, review industry trends, and develop credible attack scenarios to assess our defenses.

As a Red Team Security Engineer, your role involves collaborating with Threat Intelligence, Detection & Response, and Application Security teams to ensure Canva is prepared to respond effectively to real-world threats.

This role focuses on:

• Planning, designing, and executing sophisticated threat scenarios to identify vulnerabilities in Canva’s product, platform, and infrastructure.
• Researching attack paths and demonstrating risks through stealth operations and purple team engagements.
• Collaborating with incident responders to enhance threat detection and response capabilities.
• Communicating risks and mitigation strategies across teams and leadership.
• Providing guidance and mentorship to engineers conducting security assessments.
• Presenting operational outcomes to internal teams, engineering, product owners, and leadership.

You might be a good fit if you have:

• Experience as an offensive security engineer performing reconnaissance to action objectives.
• Ability to communicate findings and recommendations to technical and non-technical stakeholders.
• Practical knowledge of offensive security tools and techniques, including infrastructure operation.
• Ongoing learning about emerging security threats and their impact.
• Experience exploiting macOS, Linux endpoints, and SaaS environments.
• Understanding of cloud platforms like AWS and GCP.
• Proficiency in Golang or Python.

What’s in it for you?

We offer a dynamic work environment with opportunities for growth, including equity packages, inclusive parental leave, wellbeing allowances, and flexible leave options. Discover more at lifeatcanva.com.

Other details:

We hire based on experience, skills, and cultural fit. Please share your pronouns and any accommodations needed during the interview. Interviews are conducted virtually.

Join us in redefining how the world experiences design!

We embrace diverse backgrounds and welcome applications from all locations, with flexible work arrangements.