Security Engineer - Red Team

at Canva
🇦🇺 Australia - Remote
🔒 Cybersecurity🔵 Mid-level

Job description

Company Description

Join the team redefining how the world experiences design.

Hey, g’day, mabuhay, kia ora, 你好, hallo, vítejte!

Thanks for stopping by. We know job hunting can be a little time-consuming, and you’re probably keen to find out what’s on offer, so we’ll get straight to the point.

Where and how you can work

Our flagship campus is in Sydney. We also have a campus in Melbourne and co-working spaces in Brisbane, Perth and Adelaide. But you have a choice in where and how you work. That means if you want to do your thing in the office (if you’re near one), at home or a bit of both, it’s up to you.

What you’d be doing in this role

As Canva scales change continues to be part of our DNA. But we like to think that’s all part of the fun. So this will give you the flavour of the type of things you’ll be working on when you start, but this will likely evolve.

Job Description

About the Security Group / Team

Canva’s goal is to create the world’s most trusted platform, which makes security a top priority. As our product, platforms, infrastructure, and corporate environments grow and evolve, so too does our need to respond to an ever-increasing threat landscape.

The Security Group is responsible for protecting Canva systems and data from information security threats. Our teams work together and with other groups to deliver preventive and detective controls and processes that reduce security risk. The group runs programs across Identity and Access Management, Application Security, Risk Management, and Threat Detection and Response domains.

The Red Team focuses on emulating adversaries and testing Canva’s ability to detect and respond to them. We’re constantly identifying new and innovative attack techniques, reviewing the latest industry trends, and mapping out credible attack scenarios to run against Canva.

As a Red Team Security Engineer, your mission is to work together with Threat Intelligence, Detection & Response and Application Security teams to ensure that Canva is prepared and able to effectively respond to these real-world threats.

At the moment, this role is focused on:

  • Planning, designing, and executing sophisticated threat scenarios that emulate realistic adversary techniques to identify vulnerabilities and response gaps in Canva’s product, platform and infrastructure.
  • Researching viable attack paths and demonstrating how the risks may apply to Canva through stealth operations and collaborative purple team engagements.
  • Collaborating closely with security incident responders to continuously uplift Canva’s threat detection and response capabilities.
  • Engaging with cross-functional teams across Canva to communicate risks, provide recommendations and develop effective risk mitigation strategies for enhancing security posture.
  • Providing technical guidance, mentoring, and support to engineers conducting security assessments and vulnerability analysis.
  • Communicate and present operational outcomes at various levels of the business, including internal teams and the wider engineering organisation, as well as product owners and leadership.

You’re probably a match if you have

  • Demonstrated experience as an offensive security engineer and performing team engagements from reconnaissance through to actioning on objectives.
  • Ability to effectively communicate operational findings, risk ratings and recommendations to technical and non-technical stakeholders; build rapport with engineering and security teams to drive post-engagement outcomes.
  • Practical experience with offensive security tools and techniques, and how they can be applied within a complex business environment; experience operating offensive tooling and infrastructure (e.g. C2 frameworks, short haul vs. long haul infrastructure).
  • Continuous development of knowledge around current and emerging security threats, and how those threats could impact Canva.
  • Experience exploiting macOS and Linux endpoints, as well as corporate SaaS environments.
  • Solid foundational understanding of cloud infrastructure platforms (e.g. AWS, GCP).
  • Software development experience, with proficiency in either Golang or Python

What’s in it for you?

Achieving our crazy big goals motivates us to work hard - and we do - but you’ll experience lots of moments of magic, connectivity and fun woven throughout life at Canva, too. We also offer a stack of benefits to set you up for every success in and outside of work.

Here’s a taste of what’s on offer:

  • Equity packages - we want our success to be yours too
  • An inclusive parental leave policy that supports all parents & carers
  • An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more
  • Flexible leave options that empower you to be a force for good, take time to recharge and support you personally

Check out lifeatcanva.com for more info.

Other stuff to know

We make hiring decisions based on your experience, skills and passion, as well as how you can enhance Canva and our culture. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.

Please note that interviews are conducted virtually.

Share this job:
Please let Canva know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Canva logo

Canva

Online design and publishing tool

  • Founded in 2013
  • 104 remote jobs

Latest Jobs at Canva

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply