Oct 13, 2021

Security Engineer - Application Security (AppSec)

  • Canva
  • Sydney NSW, Australia

Job Description

We’re constantly working towards making Canva the best place to work, for everyone. We believe deeply that bringing together diversity of thoughts, perspectives and expression is key for building the best product for our equally diverse community all around the world. We celebrate uniqueness and whatever makes you, you, and encourage everyone who wants to help us transform the way the world designs to join us on this journey. We value all different types of experiences. If you don’t think you quite meet all of the qualifications, we’d still love to hear from you.

About Us
At Canva, our mission is to democratise design and empower creativity for anyone and everyone, on every platform. Inspired by a team of talented thinkers, an amazing culture and a remarkable growth trajectory – we’re out to change the world, one design at a time. 

Since launch in August 2013, we have grown exponentially, amassing over 60 million monthly active users across 190 different countries who have created more than 6 billion designs. We are one of the world’s fastest-growing technology companies and we have only achieved about 1% of what we want to do.

In order to ensure we continue to protect our users and our organization, we’re reinforcing our security capability across the board and growing our application security team as well as other security teams.  We’re seeking talented individuals who will be responsible for shaping what security engineering looks like at Canva and building out capability for threat modeling, design reviews, building secure code libraries, and advising our development teams on how to bake security into our products and features. 

The application security team's mission is to find and fix vulnerabilities at scale. A big part of your future is the ability to reason through vulnerabilities, discover them, and eliminate them. We aim to use the best tools available (or build new ones) to eliminate entire bug classes and protect Canva services.

This position is vital to ensuring the ongoing security of the Canva service and will be instrumental in working with Canva engineering teams to build and operate robust and secure software and systems. This is a great opportunity to be on the leading edge of cloud-based software security and simultaneously gain intimate knowledge of large-scale SaaS products and services. 

Responsibilities

  • Introduce and improve security controls in all stages of the software development lifecycle.
  • Design and develop tools, libraries, and services to support Canva engineers in building secure software.
  • Influence and advise engineering teams in how to design, develop, and operate Canva services.
  • Manage bug bounty and penetration testing programs.
  • Work closely with the Detection and Response team on root cause analysis for security incidents and respond to them quickly.
  • Evaluate new and emerging security technologies, features, and products.
  • Reverse vulnerabilities into detections, find them across the entire codebase and work with teams to fix them.

Required Experience

  • Experience with a modern programming language (Golang, Python, or Java preferred)
  • Experience with cloud platforms (AWS preferred, but GCP or Azure are also acceptable!)
  • Knowledge of common web-based vulnerabilities and appropriate mitigations (OWASP Top 10)
  • Knowledge of web application security best practices.

Beneficial Experience

  • Contributions to the security community (public research, blogging, presentations, etc.)
  • Experience building or reviewing threat models
  • Knowledge of identity and authorization standards like OAuth, OpenID Connect, SAML
  • Familiarity with cryptographic protocols and practical applications
  • Hands-on experience with API design and implementation
  • Hands-on experience with security tools such as software composition analysis, static analysis, etc.
  • Familiarity with infrastructure as code (e.g. Terraform)

Perks and Benefits

  • Competitive salary, plus stock options via our ESOP plan
  • Flexible daily working hours, we value work-life balance
  • Breakfast and lunch prepared by our wonderful Vibe team
  • Onsite-Gym and Yoga Membership
  • End-of-Trip Facilities: Bicycle parking and showers
  • Generous parental (including secondary) leave policy
  • Pet-friendly offices
  • Internal Coaching and an Employee Wellness Program
  • Sponsored social clubs, team events, and celebrations
  • Relocation budget for interstate individuals

This role is open to remote applications from folks who reside within Australia.

We will not under any circumstances be accepting any CVs or resumes from recruitment agencies.

We make hiring decisions based on your experience, skills and passion. If you’re keen to apply and need reasonable adjustments or would like to note which pronouns you use at any point in the application or interview process, please let us know.