Hybrid

Canva is hiring a Senior Threat Detection Engineer - Tooling and Automation (ANZ remote)

About the Role

Canva is looking for a Senior Threat Detection Engineer - Tooling and Automation to deliver high-impact security engineering solutions. You will design and implement enterprise-grade detection capabilities, automate security workflows, and enhance security platform infrastructure to strengthen Canva's security posture. This role is remote within Australia and New Zealand.

What You'll Do

  • Lead detection engineering initiatives end-to-end, from threat research and design documentation through implementation, testing, and production deployment.
  • Participate in rotations and on-call schedules to support incident response and alert triage activities.
  • Partner with Application Security, CTI, and Red Team to conduct threat modelling, translate threat intelligence into actionable detections, and validate detection effectiveness.
  • Implement detection-as-code practices using version control, CI/CD pipelines, and automated testing frameworks.
  • Design and build sophisticated SOAR workflows that automate detection triage, investigation, and response activities.
  • Create automation and enrichment pipelines that reduce manual context-switching and cognitive load for analysts.
  • Architect and maintain security platform infrastructure supporting detection, investigation, and response capabilities using infrastructure-as-code.
  • Establish monitoring and alerting for platform health, detection coverage, and operational metrics.
  • Collaborate across security and engineering teams to define and integrate telemetry requirements, deploy security sensors, and ensure comprehensive visibility.
  • Provide technical consultation and mentorship, advising stakeholders on detection strategy and automation capabilities.

What We're Looking For

  • 5+ years of hands-on experience in security engineering, threat hunting, detection engineering, or security operations.
  • Experience in SOC and alert triage.
  • Proven track record in threat hunting or designing, implementing, and tuning detection logic for enterprise security platforms like SIEM, EDR, and SOAR.
  • Experience with the full detection engineering lifecycle: threat research, detection development (KQL, SPL, ESQL, SQL-style languages), testing, deployment, tuning, and lifecycle management.
  • Proficient in at least one programming language, with Python or Go preferred, for automation development and custom tool creation.
  • Hands-on experience with enterprise security platforms including SIEM (Elastic Security, Splunk), EDR (SentinelOne, CrowdStrike, Microsoft Defender), and SOAR platforms (Tines, Splunk SOAR, Cortex XSOAR).
  • Experience building SOAR workflows or automation playbooks.
  • Infrastructure-as-code experience using Terraform/Ansible or similar tools to deploy and manage security infrastructure.
  • Hands-on experience with cloud platforms (AWS, GCP, or Azure).
  • Understanding of CI/CD pipelines and DevOps practices applied to security engineering workflows.
  • Understanding of containerisation, Kubernetes, and cloud-native application architectures from a security perspective.
  • Knowledge of networking concepts, protocols, and security controls relevant to detection and monitoring.

Nice to Have

  • Background in Threat Hunting, Threat Intelligence, or DFIR.
  • Experience with advanced detection techniques: behavioural analytics, anomaly detection, machine learning-based detection and GenAI workflows.
  • Knowledge of big data analytic platforms and query optimisation.
  • Prior experience building or operating Detection Engineering programs or Security Operations Centres.
  • Contributing to open-source security tools or publishing detection engineering research.

Technical Stack

  • Languages: Python, Go
  • Infrastructure-as-Code: Terraform, Ansible
  • Cloud: AWS, GCP, Azure
  • Orchestration: Kubernetes
  • Security Platforms: Elastic Security, Splunk, SentinelOne, CrowdStrike, Microsoft Defender, Tines, Cortex XSOAR

Team & Environment

You will be part of the Detection & Response (D&R) organisation, specifically within the DETA (Detection Engineering, Tooling & Automation) team.

Benefits & Compensation

  • Equity packages
  • Inclusive parental leave policy
  • Annual Vibe & Thrive allowance for wellbeing, social connection, office setup & more
  • Flexible leave options

Work Mode

This is a hybrid role open to candidates located in Australia and New Zealand.

We make hiring decisions based on your experience, skills and passion, as well as how you can enhance Canva and our culture. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.

Required Skills
Python, Go, Terraform, Ansible, AWS, GCP, Azure, Kubernetes, Elastic Security, Splunk, Threat Detection, Automation, Incident Response, SIEM, Cloud Security
About company
Canva

We are the team redefining how the world experiences design. Our ambition is to become the world’s leading visual communication platform.

Job Details
Category: security
Posted: 2 months ago