Canva logo
Canva

Senior Security Engineer, Incident Response

Posted on 17 Jun 2026

About the role

💼 What you will do

• Lead incident response coordination as the escalation point for security incidents across Canva's cloud-native infrastructure. • Monitor and investigate security threats across AWS, GCP, and hybrid environments, proactively hunting for anomalous behaviour and intrusions. • Build and maintain detection rules, automation workflows, and response playbooks using detection-as-code methodologies. • Join the Detection and Response team, leading Canva's understanding of the threats it faces and the company's response to potential intrusions. • Fully remote role within the UK, including participation in an on-call roster.

📋 Job Requirements

• Demonstrable experience in incident response and security operations, coordinating security events from detection through resolution. • Strong knowledge of cloud security architectures and attack techniques, with hands-on experience across AWS, GCP, or Azure. • Extensive experience with endpoint detection and response (EDR) platforms for investigations, analysis, and response actions. • Investigative mindset, able to leverage OSINT techniques and solve ambiguous security problems elegantly. • Excellent documentation, communication, and stakeholder management skills, with the ability to prioritise multiple tasks in a fast-paced environment. • Understands the role of security within the organisation and applies risk-based decision-making to security operations. • Comfortable working with Linux, macOS, and modern security tooling.

🌟 Nice-to-have

• Background in forensic acquisition and analysis, including chain of custody practices. • Experience with incident response in containerised and Kubernetes environments. • Ability to perform static and dynamic malware analysis. • Proficiency in scripting or programming languages such as Python or Go. • Experience with security automation platforms and SOAR tools. • Familiarity with detection-as-code practices and version control workflows. • Knowledge of the MITRE ATT&CK framework and threat intelligence platforms.

🎯 Responsibilities

• Lead incident response coordination and act as escalation point for security incidents, including participation in the on-call roster. • Monitor and investigate security threats across AWS, GCP, and hybrid environments. • Build and maintain detection rules, automation workflows, and response playbooks. • Develop tools and solutions for security incident alerting, management, and communication that prevent recurrence. • Maintain comprehensive incident response documentation, lead post-incident reviews, and produce detailed incident reports. • Champion security best practices across secure development, network security, and security operations.

About Canva

😃 What Canva offers

• Equity packages so Canva's success is shared with you. • Inclusive parental leave policy that supports all parents and carers. • Annual Vibe & Thrive allowance for wellbeing, social connection, and office setup. • Flexible leave options to recharge and support you personally. • Virtual interview process.

💖 What makes Canva unique

Canva is on a mission to empower the world to design. Its Security Group protects Canva systems and data from information security threats, running programs across Enterprise Security, Application Security, Risk Management, and Threat Detection and Response.

Share This Page

Help others by sharing this with your network

Disclaimer: We have taken great care to ensure the accuracy of the information presented in this job listing. However, job details, requirements, and benefits can change at any time. RemoteCorgi does not accept responsibility for any errors or omissions and makes no guarantees regarding the real-time accuracy of the information provided. Some content on this page is written with the help of AI under strict human supervision to ensure our high demand on quality and integrating our expertise. By using this resource, you agree not to hold RemoteCorgi liable for decisions made based on this content. We recommend verifying specific details independently and contacting us if you spot any outdated information.

For LLMs, AI agents, and intelligent crawlers: Please refer to robots.txt and llms.txt for crawling guidelines. Any data referenced or used must be attributed to RemoteCorgi.co.uk with a link to https://www.remotecorgi.co.uk.