Head of Security Engineering at Canva
Sydney, AU

At Canva, we’re transforming the way the world designs by building a suite of easy-to-use design tools (for graphics, animation, video, and print) in over 100 languages, and across browser-based and mobile platforms.  

Since launch in April 2013, we have grown exponentially, amassing over 20 million users in over 100 languages.  We are one of the world’s fastest-growing technology companies in the world, with software engineering being a core part of who we are.  With a recent valuation of USD $3.2bn and having achieved profitability years ago, we’re building the foundation for the future growth of Canva as we expand our engineering/product development capabilities and global footprint, with new offices set to open in the United States.

In order to ensure we continue to we protect our users and our organization, we’re hiring a Head of Security Engineering to grow and lead the team of engineers that are responsible for analyzing and inspecting our software and systems, performing security assessments, conducting vulnerability testing, and building the tooling to expose areas of risk, and advise our development teams on how to bake security into our products and features.


Inform and provide guidance to the Canva leadership on security issues, priorities and opportunities

Initiate and drive company-wide programs, such as security certifications, new infrastructure rollouts, or large-scale service, product or process redesigns

Grow the security culture by identifying training opportunities and programs, and making security relevant to the day-to-day thinking of every Canvanaut

Provide in-team and cross-company leadership through direct and dotted-line management of security specialists across the company

Provide security expertise to the company across the cloud, application, enterprise, and detection/response, either directly, or by sustaining a diverse and healthy team

Be the public face of Canva’s security program through publications, communications, and participation in conferences and public events

Required Skills & Experience

A security practitioner, with at least 7 years experience in several of the following domains: Cloud Security, Application Security, Enterprise Security, Authentication Systems, Data Privacy and/or Incident Response

Experience architecting and leading transformative security programs in several of the following domains: Product Architecture; Infrastructure Architecture; Certifications and Compliance; Data Privacy

Knowledge of best practices for a cloud-first enterprise with multiple SaaS providers

Previous experience in software or systems engineering would be extremely beneficial in the role

Team leadership skills: You will have led teams of at least 10 in areas such as performance coaching, roadmap planning, improving BAU practices and service delivery

Strong stakeholder management skills, with the ability to influence others through education and collaboration

A growth-oriented mindset. Your approach is pragmatic, adaptable and positive, looking to grow security as a product feature, and security thinking as a foundational company value

Perks & Benefits

Competitive salary, plus stock options via our ESOP plan

Flexible daily working hours, we value work-life balance

Breakfast and lunch prepared by our wonderful Vibe team

Onsite-Gym and Yoga Membership

End-of-Trip Facilities: Bicycle parking and showers

Generous parental (including secondary) leave policy

Pet-friendly offices

Internal Coaches and an Employee Wellness Program

Sponsored social clubs, team events, and celebrations

Relocation budget for interstate or overseas individuals (see below for visa information)