Jun 02, 2022

Security Engineer - Red Team, Open to remote across ANZ

  • Canva
  • Sydney, New South Wales, Australia

Job Description

Canva’s Commitment and Mission

At Canva, we celebrate diversity. We deeply believe that bringing together diversity of thoughts, perspectives and expression is key to building the best product, team and company. We look for many different skills and abilities, as well as how you can enhance Canva and our culture. So, even if you don’t think you quite meet all of the skills listed or tick all the boxes, we’d still love to hear from you! 

Our mission at Canva is to empower the world to design. Since launching in 2013, we have grown exponentially, amassing over 75 million monthly active users across 190 different countries and a team of over 2,800 people… and the best bit is that we’ve only achieved 1% of what we know we’re capable of.

Join us and design your future.

About the Red Team

The Red Team’s mission is to test in depth Canva’s capability, at all levels, to withstand, react and respond to adversarial activities within its environment. This encompasses project-based Red Team engagements aimed at targeted segments of the business, as well as adversary simulation and penetration testing of the Canva platform, critical supply-chain vendors, and the business.

This position is vital to ensuring that Canva’s systems are built and managed to the highest level possible, and that the vendors and processes used within Canva are sufficiently resilient and adaptable to the threats that exist as a fast growing SaaS product and company.

What you'll be doing!

  • Design and complete Red Team adversarial exercises on Canva product sets, features and the Canva platform
  • Design and implement Red Team adversarial simulations against Canva business units and assets
  • Document assessments against the product, business or vendors
  • Work closely with vendors, developers and security Detection and Response teams to educate about discovered findings
  • Influence and advise teams in how to craft, develop, and operate services within Canva
  • Evaluate new and emerging security technologies, features, and products
  • Assist with testing and assessment of vendors that Canva has a significant interest in

Required experience:

  • Validated experience performing offensive security testing against SaaS and Cloud environments, and internal business units
  • Outstanding experience leading Red Team operations. Solid understanding of the use of Red Team frameworks like MITRE ATT&CK or equivalents in the development and execution of exercises
  • Experience building custom tools to perform discovery and/or exploitation of vulnerabilities
  • Experience with a modern programming language (Golang, Python, or Java preferred)
  • Experience with cloud platforms (AWS preferred, but GCP or Azure are also acceptable)
  • Knowledge of web application security standard methodologies
  • Experience presenting technical results to technical and non-technical audiences at Executive/Group Lead levels through written reports and presentations

Preferred qualifications:

  • Offensive Security (OSCP/OSCE), CREST (CSAS/CSAM), SANS (SEC542), SpecterOps (ATRTO/ATMT) or equivalent certifications or experience
  • Contributions to the security community (public research, blogging, presentations, etc.)
  • Knowledge of identity and authorisation standards like OAuth, OpenID Connect, SAML
  • Familiarity with cryptographic protocols and practical applications
  • Familiarity with infrastructure as code and containerisation (Terraform, Docker etc.)



Working at Canva 

Our culture is unlike anywhere else and we design your #CanvaLife experience to empower you to do the best work of your life.  

Whether you’re in the office, working from home or choosing your own adventure, our benefits for permanent Canvanauts include: 

  • Equity packages for you to truly be a part of the Canva journey.
  • We have a hybrid work model (in-office & from home), so while our offices are always open to you, we aim to come together for 8 days a year at minimum - balancing flexibility and connection.
  • Flexible leave so you can recharge, give back, support others or focus on your own professional development.
  • Inclusive parental leave policy that supports all parents and carers throughout their parenting and caring journey.
  • An annual Vibe & Thrive allowance. This is for you to spend on whatever will support your wellbeing and development, because you know what you need to Vibe and Thrive better than anyone.
  • Virtual and in-office wellness benefits including Canva University, Employee Assistant Programs and Fitness & Meditation Classes.
  • Canva For Good program matching your not-for-profit donations, Force for Good leave (3 paid volunteering days) and a range of sustainability and ethical initiatives to get involved in.

We make hiring decisions based on your experience, skills and passion. Please note that interviews are conducted virtually. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.