Mar 25, 2022

Senior Application Security Engineer - Security Partnerships

  • Canva
  • Sydney, New South Wales, Australia

Job Description

Canva’s Commitment and Mission
At Canva, we celebrate diversity. We deeply believe that bringing together diversity of thoughts, perspectives and expression is key to building the best product, team and company. We mean it when we say we want to create a diverse and inclusive workplace where we value all different types of experiences and want to create a space and culture where you feel like you belong.

We know it can be a tricky time applying for roles, wondering if the role is right for you and if you and your experience are right for the role too. Many people won’t apply for roles unless they feel that they tick every single box. At Canva we look for many different skills and abilities and we’re always looking for how new team members can add to Canva and our culture. So if you don’t think you quite meet all of the skills listed, we’d still love to hear from you! 

Our mission at Canva is to empower the world to design and since launching in 2013, we have grown exponentially, amassing over 80 million monthly active users across 190 different countries and a team of over 2,800 people… and the best bit is that we’ve only achieved 1% of what we know we’re capable of. 

Be a Force for Good
We’re driven by our values, with our ‘Be a Force for Good’ value supporting everything that we do. Through your work on our product or team, and our community initiatives and sustainability programs, you’re given the opportunity to come to Canva and make a tangible difference to the lives of others in your day-to-day life. In addition to our Founder’s 30% Pledge, Canva is committed to Pledge 1% and actively encourages our team to participate in many ways, including taking paid volunteer leave.

Your journey with Canva could take you to places that you might not have even imagined yet. There’s opportunity around every corner and the support to help you achieve your goals.

Join us and design your future.

About the group:

The Security Group is responsible for protecting Canva systems and data from information security threats. Our teams work together, and with other groups, to deliver preventive and detective controls and processes that reduce security risk. The group runs programs across Identity and Access Management, Application Security, Risk Management, and Threat Detection and Response domains.  

As an Application Security Engineer, it is your mission to make delivering secure products and features the easiest path for software engineers to follow. You are responsible for shaping what security engineering looks like at Canva, and continuously improving how the entire company delivers secure products to our Community throughout the product delivery process.  

Open to remote applicants across Australia and New Zealand

What you'll be doing!

  • Identifying, introducing, and improving security controls in all stages of the software development lifecycle (SDLC)
  • Advising engineers on system and application security best practices and design patterns
  • Leading threat modelling exercises for new and complex products and features
  • Designing and developing tools, libraries and services that support Canva engineers in building secure software
  • Evaluating new and emerging security technologies, features, and products that make it easier to reliably build secure software
  • Discovery and triage of vulnerabilities across Canva’s threat landscape
  • Finding novel ways to eliminate entire bug classes across the Canva codebase
  • Assisting your team in interviewing and hiring other talented security engineers
  • Mentoring and supporting the growth of your colleagues in your areas of expertise

Required skills:

  • Previous experience working with engineering teams to detect and remediate vulnerabilities as early as possible in the Software Development Life Cycle (“shift left”), including experience building and reviewing threat models for systems
  • Knowledge of common web application vulnerabilities and appropriate mitigations (OWASP Top 10)
  • Familiarity with cryptographic protocols and practical applications
  • Working knowledge of identity and authorization standards like OAuth, OpenID Connect, SAML
  • Proficient with one or more modern programming languages (Golang, Python or Java preferred)
  • Experience leading projects end-to-end whilst balancing requirements from multiple stakeholders, and mentoring other Application Security Engineers
  • Excellent written and verbal communication skills, with the ability to work with a diverse range of individuals from different backgrounds, with different expertise, and with different professional and personal needs

Nice to have! (Not required, but helpful)

  • Subject-matter expertise of Amazon Web Services and associated technologies and products within the AWS ecosystem, especially IAM and security-specific services
  • Familiarity with infrastructure as code (e.g. Terraform)

Working at Canva
Our culture is unlike anywhere else and together we design your #CanvaLife experience to empower you to do the best work of your life.  

Whether you’re in the office, working from home or choosing your own adventure, we recognise that every single person is unique and our Canvanaut benefits aim to ensure we cater for all.  

Our benefits for permanent Canvanauts include:

  • Equity packages for you to truly be a part of the Canva journey
  • Hybrid work model (in-office & from home) coming together for 8 days a year. The rest, you choose where you work best.
  • Flexible leave so you can recharge, give back, support others or focus on your own professional development.
  • Inclusive parental leave policy that supports all parents and carers throughout their parenting and caring journey.
  • An annual Vibe & Thrive allowance. This is for you to spend on whatever will support your wellbeing and development. It could be anything, from a Masterclass subscription to an electronic stand-up desk, a pilates membership, or dinner out with a teammate. Because you know what you need to Vibe and Thrive, better than anyone.
  • Virtual and in-office wellness benefits including Canva University, Employee Assistance Programs, Fitness Classes and other benefits to support your physical, mental, and social wellbeing.
  • Canva For Good program matching your not-for-profit donations and a range of sustainability and ethical initiatives to get involved in.

We make hiring decisions based on your experience, skills and passion. Please note that interviews are conducted virtually. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.