Senior Security Engineer - DevSecOps, Open to remote across ANZ

Canva’s Commitment and Mission
At Canva, we celebrate diversity. We deeply believe that bringing together diversity of thoughts, perspectives and expression is key to building the best product, team and company. We look for many different skills and abilities, as well as how you can enhance Canva and our culture. So, even if you don’t think you quite meet all of the skills listed or tick all the boxes, we’d still love to hear from you! 
Our mission at Canva is to empower the world to design and since launching in 2013, we have grown exponentially, amassing over 75 million monthly active users across 190 different countries and a team of over 2,800 people… and the best bit is that we’ve only achieved 1% of what we know we’re capable of. 
Join us and design your future.
About Developer Platform:
Stable, scalable, and well-maintained systems are the foundations of our development and design processes. The Developer Platform Group’s mission is to empower any engineer to develop and ship exciting features with the highest efficiency and quality. We do this by building infrastructure tools and processes that facilitate the entire development life-cycle. This includes our CI systems, build tools, IDE workflows, source control, and more.

What you'll be doing!

• Advising engineers on DevSecOps best practices, including secure design patterns for Continuous Integration, Continuous Delivery, and Infrastructure as Code.
• Leading threat modelling exercises for new and sophisticated products and features
• Identifying, introducing, and improving security controls in all stages of the software development lifecycle
• Crafting and developing tools, libraries and services that support Canva engineers in building secure software
• Evaluating new and emerging security technologies, features, and products that make it easier to reliably build secure software
• Discovery and triage of vulnerabilities across Canva’s threat landscape
• Finding novel ways to eliminate entire bug classes across the Canva codebase
• Assisting your team in interviewing and hiring other talented security engineers
• Mentoring and supporting the growth of your colleagues in your areas of expertise

Experience required:

• Previous experience working with engineering teams to detect and remediate vulnerabilities within the DevOps ecosystem (e.g. Continuous Delivery, Continuous Integration, Infrastructure as Code)
• Experience securing Linux services in AWS, Google Cloud, or Azure
• Familiarity with cryptographic protocols and applications
• Proven understanding of identity and authorization standards like OAuth, OpenID Connect, SAML
• Proficient with one or more modern program languages (Golang, Python or Java preferred)
• Experience leading projects end-to-end whilst balancing requirements from multiple partners, and mentoring Application Security Engineers
• Excellent written and verbal communication skills; with the ability to work with a range of Canvanauts from different backgrounds, with different expertise, and with different professional and personal needs

Beneficial experience (not required, but helpful!)

• Subject-matter expertise of Amazon Web Services and associated technologies and products within the AWS ecosystem, especially IAM and security-specific services
• Familiarity with infrastructure as code (e.g Terraform)
• Knowledge of and experience improving CI systems and Static Analysis
• Exceptional knowledge on IDE plugins and integrations; particularly with Bazel
• Being familiar and comfortable securing tools used for source control

Working at Canva 
Our culture is unlike anywhere else and we design your #CanvaLife experience to empower you to do the best work of your life.  
Whether you’re in the office, working from home or choosing your own adventure, our benefits for permanent Canvanauts include: 
• Equity packages for you to truly be a part of the Canva journey.  • We have a hybrid work model (in-office & from home), so while our offices are always open to you, we aim to come together for 8 days a year at minimum - balancing flexibility and connection • Flexible leave so you can recharge, give back, support others or focus on your own professional development. • Inclusive parental leave policy that supports all parents and carers throughout their parenting and caring journey. • An annual Vibe & Thrive allowance. This is for you to spend on whatever will support your wellbeing and development.. because you know what you need to Vibe and Thrive, better than anyone. • Virtual and in-office wellness benefits including Canva University, Employee Assistant Programs and Fitness & Meditation Classes. • Canva For Good program matching your not-for-profit donations, Force for Good leave (3 paid volunteering days) and a range of sustainability and ethical initiatives to get involved in.   
We make hiring decisions based on your experience, skills and passion. Please note that interviews are conducted virtually. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.