Canva

Senior Threat Detection Engineer – Tooling and Automation

Full-time

Location Type: Remote

Location: Australia

About the role

  • Join the team redefining how the world experiences design
  • As a Senior Threat Detection Engineer, you will be a technical expert delivering high-impact security engineering solutions across our detection and platform engineering service streams
  • You will design and implement enterprise-grade detection capabilities, automate security workflows, and enhance our security platform infrastructure
  • Your work will directly strengthen Canva's security posture by enabling faster threat detection, reducing analyst toil through automation, and scaling our security operations capabilities
  • Lead detection engineering initiatives end-to-end, from threat research and design documentation through implementation, testing, and production deployment, developing high-fidelity detection logic covering threat vectors of interest to Canva
  • Participate in rotations and on-call schedules to support incident response and alert triage activities
  • Partner with Application Security, CTI, and Red Team to conduct threat modelling, translate threat intelligence into actionable detections, and validate detection effectiveness through threat simulation scenarios
  • Implement detection-as-code practices using version control, CI/CD pipelines, and automated testing frameworks to enable scalable, version-controlled detection deployment
  • Design and build sophisticated SOAR workflows that automate detection triage, investigation, and response activities, developing custom integrations with security tools and cloud platforms
  • Create automation and enrichment pipelines that reduce manual context-switching and cognitive load for analysts, improving mean-time-to-detect, analyse, and respond to security events
  • Architect and maintain security platform infrastructure supporting detection, investigation, and response capabilities using infrastructure-as-code (Terraform/Ansible) and establish service-level objectives for platform services
  • Establish monitoring and alerting for platform health, detection coverage, and operational metrics to ensure reliability and visibility
  • Collaborate across security and engineering teams including D&R Operations, DFIR, Application Security, and cloud infrastructure teams to define and integrate telemetry requirements, deploy security sensors, and ensure comprehensive visibility
  • Provide technical consultation and mentorship, advising stakeholders on detection strategy, automation capabilities, and platform limitations while developing junior engineers in detection engineering and platform operations.

Requirements

  • 5+ years of hands-on experience in security engineering, threat hunting, detection engineering, or security operations (SOC), with proven ability to design and implement detection capabilities at scale
  • Experience in SOC and alert triage
  • Proven track record in threat hunting or designing, implementing, and tuning detection logic for enterprise security platforms (SIEM, EDR, SOAR)
  • Experience with detection engineering lifecycle: threat research, detection development (KQL, SPL, ESQL, SQL-style languages), testing, deployment, tuning, and lifecycle management
  • Proficient in at least one programming language (Python or Go preferred) for automation development and custom tool creation
  • Hands-on experience with enterprise security platforms including: SIEM platforms (Elastic Security, Splunk, or similar), EDR solutions (SentinelOne, CrowdStrike, Microsoft Defender, or similar), SOAR platforms (Tines, Splunk SOAR, Cortex XSOAR, or similar)
  • Experience building SOAR workflows or automation playbooks (with or without code)
  • Infrastructure-as-code experience using Terraform/Ansible or similar tools to deploy and manage security infrastructure
  • Hands-on experience with cloud platforms (AWS, GCP, or Azure)
  • Understanding of CI/CD pipelines and DevOps practices applied to security engineering workflows
  • Understanding of containerisation, Kubernetes, and cloud-native application architectures from a security perspective
  • Knowledge of networking concepts, protocols, and security controls relevant to detection and monitoring.

Benefits

  • Equity packages - we want our success to be yours too
  • Inclusive parental leave policy that supports all parents & carers
  • An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more
  • Flexible leave options that empower you to be a force for good, take time to recharge and support you personally

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

  • security engineering
  • threat hunting
  • detection engineering
  • detection capabilities
  • detection logic
  • KQL
  • SPL
  • ESQL
  • SQL
  • automation development

Soft Skills

  • technical consultation
  • mentorship
  • collaboration
  • leadership
  • communication