Additional Information
Join the team redefining how the world experiences design.
Hey, g'day, mabuhay, kia ora, 你好, hallo, vítejte!
Thanks for stopping by. We know job hunting can be a little time consuming and you're probably keen to find out what's on offer, so we'll get straight to the point.
Where and how you can work
Our flagship campus is in Sydney. We also have a campus in Melbourne and co-working spaces in Brisbane, Perth and Adelaide. But you have choice in where and how you work, we trust our Canvanauts to choose the balance that empowers them and their team to achieve their goals.
What you'd be doing in this role
As Canva scales change continues to be part of our DNA. But we like to think that's all part of the fun. So this will give you the flavour of the type of things you'll be working on when you start, but this will likely evolve.
At the moment, this role is focused on:
Lead high-complexity investigations involving sophisticated techniques and potential legal or regulatory considerations
Coordinate closely with Legal, People, and Security teams on investigation scope, evidence handling, privacy considerations, and response activities
Write detailed investigation reports documenting findings, evidence, impact, and recommendations for technical and non-technical stakeholders
Respond to security events from detection through to containment, remediation, and resolution
Create and improve detection logic, correlation rules, and alerts across SIEM and EDR platforms
Proactively run threat hunting and anomaly detection exercises across Canva's environment
Design and improve scalable tooling, workflows, and operational processes that strengthen Canva's incident detection, investigation, and response capabilities
Act as an escalation point and incident coordinator during active investigations and security incidents
Participate in a collaborative on-call rotation supporting critical security investigations and incident response activities
Mentor and support the growth of teammates through knowledge sharing, operational guidance, and investigation best practices
You're probably a match if
You have experience leading or coordinating security investigations, digital forensics, or incident response activities in complex environments
You're comfortable working cross-functionally with Legal, People, and Security teams, and can communicate clearly during high-pressure situations
You're able to translate complex technical concepts for diverse audiences, including non-technical stakeholders
You've built or improved detection, automation, case management, or response workflows at scale
You have hands-on experience investigating macOS environments, alongside Linux and Windows systems
You're comfortable designing, building, and improving security tooling and operational workflows
You're confident working with SIEM, EDR, endpoint telemetry, and security investigation tooling
You enjoy solving ambiguous problems and proactively improving systems, processes, and operational maturity
You bring empathy, sound judgement, humility, and a collaborative mindset to sensitive investigations and incident coordination
You have programming or scripting experience in languages such as Python, Golang, or Java
Nice to have experience
Experience with insider threat programs or user behaviour analytics (UBA/UEBA)
Familiarity with DLP technologies and endpoint monitoring solutions
Experience building security automation or orchestration tooling
Exposure to legal evidence handling, privacy investigations, or law enforcement collaboration
Experience operating in cloud-native or large-scale SaaS environments
Canva · Sydney, Australia