Senior Security Engineer, Incident Response

• Lead incident response coordination and act as escalation point for security incidents across Canva cloud-native infrastructure. • Monitor and investigate security threats across AWS, GCP, and hybrid environments proactively hunting for anomalous behaviour and potential intrusions. • Build and maintain detection rules, automation workflows, and response playbooks using detection-as-code methodologies.

• Have demonstrable experience in incident response, security operations, and coordinating security events from detection through resolution. • Have strong knowledge of cloud security architectures, attack techniques, and hands-on experience with cloud providers such as AWS, GCP, or Azure. • Have worked extensively with endpoint detection and response platforms for investigations, analysis, and response actions. • Have an investigative mindset with ability to leverage OSINT techniques and solve ambiguous security problems. • Excel at documentation, communication, and stakeholder management while effectively prioritising multiple tasks in a dynamic fast-paced environment. • Understand the role of security within the organisation and apply risk-based decision making to security operations. • Be comfortable working with Linux, macOS, and modern security tooling.

• Have a background in forensic acquisition and analysis including maintaining chain of custody. • Have incident response experience in containerised and Kubernetes environments. • Have the ability to perform static and dynamic malware analysis. • Have proficiency in scripting and programming languages such as Python, Go, or similar. • Have experience with security automation platforms and SOAR tools. • Have familiarity with detection-as-code practices and version control workflows. • Have knowledge of the MITRE ATT&CK framework and threat intelligence platforms.

• Lead incident response coordination and act as escalation point for security incidents including participation in the on-call roster. • Monitor and investigate security threats across AWS, GCP, and hybrid environments proactively hunting for anomalous behaviour. • Build and maintain detection rules, automation workflows, and response playbooks using detection-as-code methodologies. • Develop tools and solutions for security incident alerting, management, and communication that prevent incident recurrence. • Maintain comprehensive incident response documentation, lead post-incident reviews, and produce detailed incident reports. • Champion security best practices across secure development, network security, and security operations.

• Receive equity packages. • Access inclusive parental leave policy that supports all parents and carers. • Receive an annual Vibe and Thrive allowance to support wellbeing, social connection, and office setup. • Access flexible leave options that empower you to be a force for good and take time to recharge. • Work from the London campus in Hoxton Square Shoreditch with choice in where and how you work.

Canva is redefining how the world experiences design. The Security Group is responsible for protecting Canva systems and data from information security threats. The Detection and Response team leads understanding of threats, continuously improves detection of relevant threat actor activity, and leads the company response to potential intrusions.