As a Senior Threat Detection Engineer in the Detection Engineering, Tooling & Automation (DETA) team at Canva, you will lead high-impact security engineering initiatives to strengthen Canva's security posture through detection-as-code, automation, and platform engineering. You'll design and implement detection capabilities, automate security workflows, and scale security operations to match Canva's global growth.
What You'll Do
- Lead detection engineering initiatives end-to-end, partnering with Application Security, CTI, and Red Team to conduct threat modelling
- Translate threat intelligence into high-fidelity detections
- Implement detection-as-code practices using version control and CI/CD pipelines
- Participate in on-call rotation to support incident response and alert triage activities
- Design and build SOAR workflows and automation pipelines that automate detection triage, investigation, and response
- Reduce manual context-switching and cognitive load for analysts
- Improve mean-time-to-detect, analyse, and respond
- Design and/or maintain security platform infrastructure using infrastructure-as-code (Terraform/Ansible)
- Establish monitoring, alerting, and service-level objectives for platform health, detection coverage, and operational metrics
- Collaborate across security and engineering teams to provide technical consultation on detection strategy and platform capabilities
What We're Looking For
- Experience in detection engineering, threat hunting, or security operations (SOC)
- Proven track record designing, implementing, and tuning detection logic for enterprise security platforms (SIEM, EDR, SOAR)
- Experience managing the full detection lifecycle, from threat research through deployment and maintenance
- Experience with Incident Response processes, alert triage and responding to security incidents
- Hands-on experience with enterprise security platforms including SIEM platforms (Elastic Security, Splunk, or similar)
- Hands-on experience with EDR solutions (SentinelOne, CrowdStrike, Microsoft Defender, or similar)
- Hands-on experience with SOAR platforms
- Working knowledge of Infrastructure-as-code using Terraform/Ansible or similar tools to deploy and manage security infrastructure
- Understanding of DevOps practices
- Experience with at least one cloud platform (AWS, GCP, or Azure)
- Understanding of containerisation and Kubernetes
Nice to Have
- Background in Threat Hunting or Threat Intelligence
- Publishing research in blogs or contributing to open-source security tools
- Experience with advanced detection techniques: behavioural analytics, anomaly detection, machine learning-based detection and GenAI workflows
Technical Stack
- SIEM
- Elastic Security
- Splunk
- EDR
- SentinelOne
- CrowdStrike
- Microsoft Defender
- SOAR
- Terraform
- Ansible
- CI/CD
- Version Control
- AWS
- GCP
- Azure
- Kubernetes
- Containerisation
- DevOps
Team & Environment
- Part of the Detection & Response (D&R) organisation, specifically within the Detection Engineering, Tooling & Automation (DETA) team
Benefits & Compensation
- Equity packages - we want our success to be yours too
- Inclusive parental leave policy that supports all parents & carers
- An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more
- Flexible leave options that empower you to be a force for good, take time to recharge and support you personally
Work Mode
- Choice in where and how you work — office, home, or a mix
Canva is committed to creating a diverse and inclusive workplace. We are proud to be an equal opportunity employer and welcome people of all backgrounds, experiences, and perspectives.
