Security Engineer - Red Team

Summary

Join Canva's Security Group as a Red Team Security Engineer and play a critical role in protecting Canva's systems and data. You will design and execute sophisticated threat scenarios, research attack paths, collaborate with incident responders, and engage with cross-functional teams to mitigate security risks. This role requires experience in offensive security engineering, communication of findings, and proficiency with offensive security tools and techniques. The position involves working with macOS and Linux endpoints, corporate SaaS environments, and cloud infrastructure platforms. Canva offers a range of benefits, including equity packages, inclusive parental leave, a wellbeing allowance, and flexible leave options.

Requirements

• Demonstrated experience as an offensive security engineer and performing team engagements from reconnaissance through to actioning on objectives
• Ability to effectively communicate operational findings, risk ratings and recommendations to technical and non-technical stakeholders; build rapport with engineering and security teams to drive post-engagement outcomes
• Practical experience with offensive security tools and techniques, and how they can be applied within a complex business environment; experience operating offensive tooling and infrastructure (e.g. C2 frameworks, short haul vs. long haul infrastructure)
• Continuous development of knowledge around current and emerging security threats, and how those threats could impact Canva
• Experience exploiting macOS and Linux endpoints, as well as corporate SaaS environments
• Solid foundational understanding of cloud infrastructure platforms (e.g. AWS, GCP)
• Software development experience, with proficiency in either Golang or Python

Responsibilities

• Planning, designing, and executing sophisticated threat scenarios that emulate realistic adversary techniques to identify vulnerabilities and response gaps in Canva’s product, platform and infrastructure
• Researching viable attack paths and demonstrating how the risks may apply to Canva through stealth operations and collaborative purple team engagements
• Collaborating closely with security incident responders to continuously uplift Canva’s threat detection and response capabilities
• Engaging with cross-functional teams across Canva to communicate risks, provide recommendations and develop effective risk mitigation strategies for enhancing security posture
• Providing technical guidance, mentoring, and support to engineers conducting security assessments and vulnerability analysis
• Communicate and present operational outcomes at various levels of the business, including internal teams and the wider engineering organisation, as well as product owners and leadership

Benefits

• Equity packages - we want our success to be yours too
• An inclusive parental leave policy that supports all parents & carers
• An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more
• Flexible leave options that empower you to be a force for good, take time to recharge and support you personally