Nov 03, 2021

Security Testing Manager

  • Canva
  • Sydney NSW, Australia

Job Description

We’re constantly working towards making Canva the best place to work, for everyone. We believe deeply that bringing together diversity of thoughts, perspectives and expression is key for building the best product for our equally diverse community all around the world. We celebrate uniqueness and whatever makes you, you, and we encourage everyone who wants to help us transform the way the world designs to join us on this journey. We value all different types of experiences. If you don’t think you quite meet all of the qualifications, we’d still love to hear from you.
About Us
At Canva, our mission is to democratise design and empower creativity for anyone and everyone, on every platform. Inspired by a team of talented thinkers, an amazing culture and a remarkable growth trajectory – we’re out to change the world, one design at a time.
Since launch in August 2013, we have grown exponentially, amassing over 60 million monthly active users across 190 different countries who have created more than 6 billion designs. We are one of the world’s fastest-growing technology companies and we have only achieved about 1% of what we want to do.
About Security Engineering Managers
At Canva, we’re all constantly striving towards our Crazy Big Goals! As the features and services of our product suite evolve, we’re setting some large and ambitious goals. We need to be able to ship robust and secure features without sacrificing speed and scale of delivery, which is where our Security Engineering Managers come in. 
As a Security Engineering Manager, it is your mission to lead teams of talented security engineers to make delivering secure products and features the easiest path for software engineers to follow. You will define security strategies and roadmaps for your services, and support your teams to solve complex security problems at scale.
About the Security Group
The Security Group is responsible for protecting Canva systems and data from information security threats. Our teams work together, and with other groups, to deliver preventive and detective controls and processes that reduce security risk. The group runs programs across Identity and Access Management, Application Security, Risk Management, and Threat Detection and Response domains.

What you will be doing

  • Leading our red team to plan and execute scenario-based adversary simulations and educating the company on findings through reports, briefings, and presentations
  • Working with business leaders to understand the security events with the highest business impact and how the red team can help assess the likelihood of recurrence
  • Building a new penetration test function through strategy development and hiring
  • Identifying risk through security testing of Canva systems and applications, and vendor products and services
  • Measuring and continuously improving the services that you provide
  • Driving technical strategy and providing leadership to your team in a fast-paced, innovation-focused environment
  • Fostering a culture of communication, bridging the communication gap between teams, group, and company leadership
  • Investing in working with engineers on growth and development opportunities to help further their skillset and grow into new roles, with an ability to deliver relevant and timely feedback (positive & constructive) to help them to continuously improve and learn
  • Being heavily involved in hiring; building and growing high-performing and highly engaged teams of world-class engineers by attracting, interviewing, and selecting talent for your group
  • Coordinating and communicating across various specialties and parts of the business to understand the impact and feasibility of strategy goals within the group

Required Skills and Experience

  • Five or more (5+) years of technical and people leadership as a manager of managers/leader of leads
  • Previously built high-performing and collaborative teams where everyone is able to share their best ideas and be their best selves
  • Subject matter expertise in one or more of Offensive Security, Application Security, Vulnerability Management, and Identity and Access Management domains
  • Previous experience in cloud-based environments (AWS, Google Cloud, Azure) with a working knowledge of broad infrastructure functions - CI/CD pipelines, automation, site reliability etc.
  • Excellent written and verbal communication skills; with the ability to work with a diverse range of individuals from different backgrounds, with different expertise, and with different professional and personal needs
  • Experience making careful engineering tradeoffs, particularly around "Build vs Buy", evaluating potential third party systems to partner with, and managing and working with vendors to meet Canva's business needs
  • Strong customer focus to understand the use cases and requirements of internal stakeholders, and identify opportunities to empower them to do their best work
  • Be capable of leading by example - promoting Canva’s values, no-blame mentality, and engineering values.

Beneficial Experience

  • Subject-matter expertise of Amazon Web Services and associated technologies and products within the AWS ecosystem, especially IAM and security-specific services
  • Previous experience leading teams to scale security solutions through automation, continuously reducing the tax that security requirements can impose on software development and operations

We make hiring decisions based on your experience, skills and passion. If you’re keen to apply and need reasonable adjustments or would like to note which pronouns you use at any point in the application or interview process, please let us know.