Application Security Engineer - Security Champions (12 month Fixed-Term Contract)

Canva

Canva

Sydney, NSW, Australia
Posted on Jun 24, 2024

Job Description

Join the team redefining how the world experiences design.

Hey, g'day, mabuhay, kia ora,你好, hallo, vítejte!

Thanks for stopping by. We know job hunting can be a little time consuming and you're probably keen to find out what's on offer, so we'll get straight to the point.

Where and how you can work

Our flagship campus is in Sydney. We also have a campus in Melbourne and co-working spaces in Brisbane, Perth and Adelaide. But you have choice in where and how you work. That means if you want to do your thing in the office (if you're near one), at home or a bit of both, it's up to you.

About the role

At Canva, we’re all constantly striving towards our Crazy Big Goals! As the features and services of our product suite evolve, we’re setting some large and adventurous goals. We need to balance shipping resilient and secure features whilst maintaining velocity.


The Application Security team embraces an engineering-first mindset, and is focussed on ​​empowering engineering to understand and own their security landscape. A significant enabler of this mission is our Security Champions program: a program utilizing education, culture and technical knowledge sharing, to enable our growing engineering workforce to effectively engage with a preventative approach to security.


As a Security Champions specialist, your focus will be continuously growing, improving and facilitating the Security Champions program. This will compliment your other responsibilities as an Application Security engineer as you build upon how the entire company delivers secure products to our Community throughout the product delivery process.

About the Security Group

The Security Group is responsible for protecting Canva systems and data from information security threats. Our teams work together, and with other groups, to deliver preventive and detective controls and processes that reduce security risk.

The group runs programs across Identity and Access Management, Application Security, Risk Management, Enterprise Security, and Threat Detection and Response domains.

Role Responsibilities:

  • Exercising ownership over the Security Champions program as it expands
  • Leading working groups of Security Champions to enact company wide security uplifts
  • Transforming found vulnerabilities into reproducible technical challenges for engineers to learn from
  • Building and maintaining the infrastructure and services critical to supporting trainings and related programs.
  • Advising engineers on system and application security best practices and design patterns
  • Identifying, introducing, and improving security controls in all stages of the software development lifecycle
  • Discovery and triage of vulnerabilities across Canva’s threat landscape
  • Building positive and effective working relationships with software engineers

Required Experience:

We’re looking for an Application Security Engineer who is excited to share a passion for cyber security with others. As with any good teacher, mastery over the subject matter and ability to connect with learners is of upmost importance. We’re also looking for someone keen to flex their development muscles, as we build the technical systems necessary to operationalize learnings, quickly transforming vulnerabilities into trainings.

  • Excellent written and verbal communication skills; with the ability to work with a diverse range of Canvanauts from different backgrounds, with different expertise, and with different professional and personal needs
  • Knowledge of common web application vulnerabilities and appropriate remediation and mitigation strategies, including OWASP top 10
  • Proficient with one or more modern programming languages (Golang, Python or Java preferred)
  • Experience in working in close proximity to software engineers outside the security speciality
  • Ability to deliver project work in a timely manner while taking into consideration competing priorities.

Beneficial Experience (not required, but helpful):

  • Experience running educational or cultural security programs
  • Proficient in contemporary pedagogies
  • Familiarity with Amazon Web Services and associated technologies and products within the AWS ecosystem, especially IAM and security-specific services
  • Previous exposure to infrastructure as code (e.g Terraform)

What's in it for you?

Achieving our crazy big goals motivates us to work hard - and we do - but you'll experience lots of moments of magic, connectivity and fun woven throughout life at Canva, too. We also offer a stack of benefits to set you up for every success in and outside of work.

Here's a taste of what's on offer:

  • Equity packages - we want our success to be yours too
  • Inclusive parental leave policy that supports all parents & carers
  • An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more
  • Flexible leave options that empower you to be a force for good, take time to recharge and supports you personally

Check out lifeatcanva.com for more info.

Other stuff to know

We make hiring decisions based on your experience, skills and passion, as well as how you can enhance Canva and our culture. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.

We celebrate all types of skills and backgrounds at Canva so even if you don’t feel like your skills quite match what’s listed above - we still want to hear from you!

Please note that interviews are conducted virtually.