About This Opportunity Canva is one of the world's most widely used visual communication platforms, serving more than 150 million active users across 190 countries and valued at over $26 billion USD. What began as a browser-based design tool has grown into a global SaaS platform used by enterprises, educators, non-profits, and individuals for everything from marketing campaigns to data presentations — processing and storing sensitive content for millions of users every day. Protecting that platform at global scale — across AWS and GCP environments, with a cloud-native infrastructure built for hyper-growth — is a security engineering challenge of genuine complexity. The Senior Security Engineer, Incident Response role sits at the centre of Canva's security operations: leading incident response, building detection-as-code capabilities, and developing the automation and playbooks that allow Canva's security team to stay ahead of an evolving threat landscape. This is a role for a security engineer who codes — someone who treats detection rules and response automation as software engineering products, and who can simultaneously manage a high-severity incident and design the tooling that prevents the next one. --- What You’d Be Doing In This Role As Canva scales change continues to be part of our DNA. But we like to think that's all part of the fun. So, this will give you the flavor of the type of things you'll be working on when you start, but this will likely evolve. At The Moment, This Role Is Focused On Leading incident response coordination and acting as escalation point for security incidents across Canva's cloud-native infrastructure, including participation in the on-call roster Monitoring and investigating security threats across AWS, GCP, and hybrid environments, proactively hunting for anomalous behavior and potential intrusions Building and maintaining detection rules, automation workflows, and response playbooks using detection-as-code methodologies Developing tools and solutions for security incident alerting, management, and communication that prevent incident recurrence Maintaining comprehensive incident response documentation, lead post-incident reviews, and produce detailed incident reports Championing security best practices across secure development, network security, and security operations You're probably a match if You have demonstrable experience in incident response, security operations, and coordinating security events from detection through resolution You possess strong knowledge of cloud security architectures, attack techniques, and hands-on experience with cloud providers (AWS, GCP, or Azure) You've worked extensively with endpoint detection and response (EDR) platforms for investigations, analysis, and response actions You have an investigative mindset with ability to leverage OSINT techniques and solve ambiguous security problems with elegant solutions You excel at documentation, communication, and stakeholder management while effectively prioritizing multiple tasks in a dynamic, fast-paced environment You understand the role of security within the organization and apply risk-based decision making to security operations You're comfortable working with Linux, macOS, and modern security tooling --- Applying for This Role - **Dual cloud platform experience is required:** AWS and GCP are both explicitly named. Applicants strong in one but weak in the other should invest time bridging the gap before applying — Canva's infrastructure spans both. - **Detection-as-code is a core competency:** Prepare examples of detection rules you have written (Sigma, YARA, custom pipelines), automation workflows you have built, and the threats they were designed to catch. - **On-call experience should be discussed honestly:** The role includes on-call responsibilities. Be prepared to discuss how you manage high-severity incident response under pressure, including communication to stakeholders and post-incident review processes. - **Technical interview rigour:** Canva's security engineering interviews are technically demanding. Review incident response methodology, cloud attack techniques (MITRE ATT&CK for Cloud), and OSINT investigation approaches before your interview rounds. **Requirements:** Beneficial Experience (not Required, But Helpful) Background in forensic acquisition and analysis, including maintaining chain of custody Incident response in containerized and Kubernetes environments Ability to perform static and dynamic malware analysis Proficiency in scripting and programming languages (Python, Go, or similar) Experience with security automation platforms and SOAR tools Familiarity with detection-as-code practices and version control workflows Knowledge of MITRE ATT&CK framework and threat intelligence platforms **Benefits:** Achieving our crazy big goals motivates us to work hard - and we do - but you'll experience lots of moments of magic, connectivity and fun woven throughout life at Canva, too. We also offer a range of benefits to set you up for every success in and outside of work. Here's a Taste Of What's On Offer Equity packages - we want our success to be yours too Inclusive parental leave policy that supports all parents & carers An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more Flexible leave options that empower you to be a force for good, take time to recharge and supports you personally