Senior Threat Detection Engineer - Tooling and Automation

Canva

Full-time
Australia
automation
engineer
devops
python
sql

Job Description

Join the team redefining how the world experiences design.

Hey, hello, hiya, g'day, mabuhay, kia ora, 你好, hallo, vítejte!

Thanks for stopping by. We know job hunting can be a little time consuming and you're probably keen to find out what's on offer, so we'll get straight to the point.

Where and how you can work

Our flagship campus is in Sydney. We also have a campus in Melbourne and co-working spaces in Brisbane, Perth and Adelaide. But you have choice in where and how you work. That means if you want to do your thing in the office (if you're near one), at home or a bit of both, it's up to you.

What you’d be doing in this role

As Canva scales, change continues to be part of our DNA. But we like to think that's all part of the fun. So this will give you the flavour of the type of things you'll be working on when you start, but this will likely evolve.

As a Senior Threat Detection Engineer, you will be a technical expert delivering high-impact security engineering solutions across our detection and platform engineering service streams. You will design and implement enterprise-grade detection capabilities, automate security workflows, and enhance our security platform infrastructure. Your work will directly strengthen Canva's security posture by enabling faster threat detection, reducing analyst toil through automation, and scaling our security operations capabilities. This role requires balancing security effectiveness with operational efficiency. You will leverage automation, infrastructure-as-code, and cloud-native technologies to deliver scalable, resilient security solutions while maintaining the operational excellence of production security systems.

We are not looking for someone who checks every single box, we’re looking for lifelong learners and people who can make us better with their unique experiences.

  • Lead detection engineering initiatives end-to-end, from threat research and design documentation through implementation, testing, and production deployment, developing high-fidelity detection logic covering threat vectors of interest to Canva.

  • Participate in rotations and on-call schedules to support incident response and alert triage activities.

  • Partner with Application Security, CTI, and Red Team to conduct threat modelling, translate threat intelligence into actionable detections, and validate detection effectiveness through threat simulation scenarios.

  • Implement detection-as-code practices using version control, CI/CD pipelines, and automated testing frameworks to enable scalable, version-controlled detection deployment.

  • Design and build sophisticated SOAR workflows that automate detection triage, investigation, and response activities, developing custom integrations with security tools and cloud platforms.

  • Create automation and enrichment pipelines that reduce manual context-switching and cognitive load for analysts, improving mean-time-to-detect, analyse, and respond to security events.

  • Architect and maintain security platform infrastructure supporting detection, investigation, and response capabilities using infrastructure-as-code (Terraform/Ansible) and establish service-level objectives for platform services.

  • Establish monitoring and alerting for platform health, detection coverage, and operational metrics to ensure reliability and visibility.

  • Collaborate across security and engineering teams including D&R Operations, DFIR, Application Security, and cloud infrastructure teams to define and integrate telemetry requirements, deploy security sensors, and ensure comprehensive visibility.

  • Provide technical consultation and mentorship, advising stakeholders on detection strategy, automation capabilities, and platform limitations while developing junior engineers in detection engineering and platform operations.

You're probably a match if you have

  • 5+ years of hands-on experience in security engineering, threat hunting, detection engineering, or security operations (SOC), with proven ability to design and implement detection capabilities at scale.

  • Experience in SOC and alert triage.

  • Proven track record in threat hunting or designing, implementing, and tuning detection logic for enterprise security platforms (SIEM, EDR, SOAR).

  • Experience with detection engineering lifecycle: threat research, detection development (KQL, SPL, ESQL, SQL-style languages), testing, deployment, tuning, and lifecycle management.

  • Proficient in at least one programming language (Python or Go preferred) for automation development and custom tool creation.

  • Hands-on experience with enterprise security platforms including: SIEM platforms (Elastic Security, Splunk, or similar), EDR solutions (SentinelOne, CrowdStrike, Microsoft Defender, or similar), SOAR platforms (Tines, Splunk SOAR, Cortex XSOAR, or similar).

  • Experience building SOAR workflows or automation playbooks (with or without code).

  • Infrastructure-as-code experience using Terraform/Ansible or similar tools to deploy and manage security infrastructure.

  • Hands-on experience with cloud platforms (AWS, GCP, or Azure).

  • Understanding of CI/CD pipelines and DevOps practices applied to security engineering workflows.

  • Understanding of containerisation, Kubernetes, and cloud-native application architectures from a security perspective.

  • Knowledge of networking concepts, protocols, and security controls relevant to detection and monitoring.

Beneficial Experience (not required, but helpful)

  • Background in Threat Hunting, Threat Intelligence, DFIR.

  • Experience with advanced detection techniques: behavioural analytics, anomaly detection, machine learning-based detection and GenAI workflows.

  • Knowledge of big data analytic platforms and query optimisation.

  • Prior experience building or operating Detection Engineering programs or Security Operations Centres.

  • Contributing to open-source security tools or publishing detection engineering research.

About the team

The Detection & Response (D&R) organisation is responsible for protecting Canva from security threats through proactive detection engineering, incident response, and security platform operations. We operate at the intersection of security engineering and security operations, building and maintaining the detection capabilities, automation workflows, and security infrastructure that enable Canva to identify and respond to threats at scale.

About DETA (Detection Engineering, Tooling & Automation)

DETA provides specialised security engineering services across three distinct service streams:

  • Detection Engineering: Threat detection development, MITRE ATT&CK coverage, detection-as-code practices, alert optimisation, false positive reduction, detection lifecycle management

  • Automation Engineering: SOAR workflows, GenAI, enrichment automation, incident response orchestration

  • Platform Engineering: SIEM/EDR/SOAR platform operations, infrastructure optimisation, observability (log source integration, security telemetry standards, data pipeline support)

What's in it for you?

Achieving our crazy big goals motivates us to work hard - and we do - but you'll experience lots of moments of magic, connectivity and fun woven throughout life at Canva, too. We also offer a stack of benefits to set you up for every success in and outside of work.

Here's a taste of what's on offer:

  • Equity packages - we want our success to be yours too

  • Inclusive parental leave policy that supports all parents & carers

  • An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more

  • Flexible leave options that empower you to be a force for good, take time to recharge and support you personally

Check out lifeatcanva.com for more info.

Other stuff to know

We see AI as a powerful amplifier of creativity and technology at Canva. We’re evolving how we assess AI skills in our Technology hiring experience - you’ll tackle interactive, real-time challenges that reflect the kind of work we do. In some interviews, you may also be asked to solve a problem using an AI tool to show how you approach challenges with tech by your side. Your recruitment partner will walk you through what to expect.

We make hiring decisions based on your experience, skills and passion, as well as how you can enhance Canva and our culture. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.

Please note that interviews are conducted virtually.

About the job

Full-time
Australia
Senior Level
Posted 1 week ago

Working Nomads curates remote digital jobs from around the web.

© 2026 Working Nomads.