Senior Security Engineer - Incident Response

Location: Team Engineering

Team: Country London / United Kingdom

About the Role

Join the team redefining how the world experiences design at Canva! We're looking for a Senior Security Engineer - Incident Response to safeguard our innovative, design-focused platform used by millions of creators worldwide. Based in our buzzing London campus in Shoreditch – Europe's HQ with leafy Hoxton Square vibes, home-cooked meals, and collaborative spaces – you'll enjoy a hybrid model that empowers you to balance office magic with focused work. As part of our Detection and Response team within the Security Group, you'll protect Canva's cloud-native infrastructure (AWS, GCP) while collaborating with engineering squads to embed security into our creative tools, ensuring users can design without worry. In this role, you'll lead incident response efforts, hunt threats proactively, build detection automation, and champion best practices in a fast-scaling environment where change is exciting DNA. Expect to coordinate escalations, craft response playbooks, conduct post-mortems, and develop tools that prevent recurrence – all while fostering a culture of security awareness across our design-loving teams. Your investigative prowess and risk-based mindset will shine as you tackle ambiguous problems with elegant, scalable solutions. Canva's collaborative culture thrives on diverse skills and passion – even if you don't match every bullet, we want to hear from you! You'll join a team passionate about threat detection, working with modern tooling on Linux/macOS/EDR, and contributing to our global mission. With equity, inclusive leave, Vibe & Thrive perks, and moments of connectivity, you'll thrive while helping protect the world's creativity. Apply now and help us keep Canva secure for creators everywhere.

Key Responsibilities

• Lead incident response coordination and act as escalation point for security incidents across Canva's cloud-native infrastructure, including on-call roster participation
• Monitor and investigate security threats across AWS, GCP, and hybrid environments, proactively hunting for anomalous behavior and potential intrusions
• Build and maintain detection rules, automation workflows, and response playbooks using detection-as-code methodologies
• Develop tools and solutions for security incident alerting, management, and communication to prevent recurrence
• Maintain comprehensive incident response documentation, lead post-incident reviews, and produce detailed incident reports
• Champion security best practices across secure development, network security, and security operations
• Collaborate with engineering teams to integrate security into Canva's innovative design-focused products
• Apply risk-based decision making to protect Canva's global user base and creative ecosystem
• Contribute to threat intelligence sharing and continuous improvement of detection capabilities
• Mentor junior team members on incident response techniques and best practices

Required Qualifications

• Demonstrable experience in incident response, security operations, and coordinating security events from detection through resolution
• Strong knowledge of cloud security architectures, attack techniques, and hands-on experience with cloud providers (AWS, GCP, or Azure)
• Extensive experience with endpoint detection and response (EDR) platforms for investigations, analysis, and response actions
• Investigative mindset with ability to leverage OSINT techniques and solve ambiguous security problems with elegant solutions
• Excellent documentation, communication, and stakeholder management skills while prioritizing multiple tasks in a dynamic environment
• Understanding of security's organizational role with risk-based decision making in security operations
• Comfortable working with Linux, macOS, and modern security tooling

Preferred Qualifications

• Background in forensic acquisition and analysis, including maintaining chain of custody
• Incident response experience in containerized and Kubernetes environments
• Proficiency in scripting and programming languages (Python, Go, or similar)
• Experience with security automation platforms and SOAR tools
• Familiarity with detection-as-code practices and version control workflows

Required Skills

• Incident response coordination and escalation
• Cloud security (AWS, GCP, hybrid environments)
• EDR platforms for threat investigation
• OSINT techniques and threat hunting
• Detection-as-code and automation workflows
• Linux and macOS proficiency
• Risk-based security decision making
• Stakeholder communication and documentation
• Post-incident review leadership
• Scripting (Python, Go)
• Kubernetes/container security
• MITRE ATT&CK framework knowledge
• Collaborative problem-solving
• Fast-paced environment adaptability
• Investigative mindset

Benefits

• Equity packages to share in Canva's success
• Inclusive parental leave policy supporting all parents and carers
• Annual Vibe & Thrive allowance for wellbeing, social connection, office setup, and more
• Flexible leave options to recharge and support personal needs
• Hybrid work model from Canva's vibrant London campus in Shoreditch
• Delicious home-cooked meals from our Head Chef and collaborative workspaces
• Opportunities for global impact in a design-first, innovative culture
• Virtual interviews and inclusive hiring process with reasonable adjustments

Canva is an equal opportunity employer.