Canva is hiring a Senior Threat Detection Engineer - Tooling and Automation (ANZ remote)

Responsibilities

  • Lead detection engineering initiatives end-to-end, from threat research and design documentation through implementation, testing, and production deployment, developing high-fidelity detection logic covering threat vectors of interest to Canva.
  • Participate in rotations and on-call schedules to support incident response and alert triage activities.
  • Partner with Application Security, CTI, and Red Team to conduct threat modelling, translate threat intelligence into actionable detections, and validate detection effectiveness through threat simulation scenarios.
  • Implement detection-as-code practices using version control, CI/CD pipelines, and automated testing frameworks to enable scalable, version-controlled detection deployment.
  • Design and build sophisticated SOAR workflows that automate detection triage, investigation, and response activities, developing custom integrations with security tools and cloud platforms.
  • Create automation and enrichment pipelines that reduce manual context-switching and cognitive load for analysts, improving mean-time-to-detect, analyse, and respond to security events.
  • Architect and maintain security platform infrastructure supporting detection, investigation, and response capabilities using infrastructure-as-code (Terraform/Ansible) and establish service-level objectives for platform services.
  • Establish monitoring and alerting for platform health, detection coverage, and operational metrics to ensure reliability and visibility.
  • Collaborate across security and engineering teams including D&R Operations, DFIR, Application Security, and cloud infrastructure teams to define and integrate telemetry requirements, deploy security sensors, and ensure comprehensive visibility.
  • Provide technical consultation and mentorship, advising stakeholders on detection strategy, automation capabilities, and platform limitations while developing junior engineers in detection engineering and platform operations.

Requirements

  • 5+ years of hands-on experience in security engineering, threat hunting, detection engineering, or security operations (SOC), with proven ability to design and implement detection capabilities at scale.
  • Experience in SOC and alert triage.
  • Proven track record in threat hunting or designing, implementing, and tuning detection logic for enterprise security platforms (SIEM, EDR, SOAR).
  • Experience with detection engineering lifecycle: threat research, detection development (KQL, SPL, ESQL, SQL-style languages), testing, deployment, tuning, and lifecycle management.
  • Proficient in at least one programming language (Python or Go preferred) for automation development and custom tool creation.
  • Hands-on experience with enterprise security platforms including: SIEM platforms (Elastic Security, Splunk, or similar), EDR solutions (SentinelOne, CrowdStrike, Microsoft Defender, or similar), SOAR platforms (Tines, Splunk SOAR, Cortex XSOAR, or similar).
  • Experience building SOAR workflows or automation playbooks (with or without code).
  • Infrastructure-as-code experience using Terraform/Ansible or similar tools to deploy and manage security infrastructure.
  • Hands-on experience with cloud platforms (AWS, GCP, or Azure).
  • Understanding of CI/CD pipelines and DevOps practices applied to security engineering workflows.
  • Understanding of containerisation, Kubernetes, and cloud-native application architectures from a security perspective.
  • Knowledge of networking concepts, protocols, and security controls relevant to detection and monitoring.

Nice to Have

  • Background in Threat Hunting, Threat Intelligence, DFIR.
  • Experience with advanced detection techniques: behavioural analytics, anomaly detection, machine learning-based detection and GenAI workflows.
  • Knowledge of big data analytic platforms and query optimisation.
  • Prior experience building or operating Detection Engineering programs or Security Operations Centres.
  • Contributing to open-source security tools or publishing detection engineering research.

Benefits

  • Equity packages
  • Inclusive parental leave policy that supports all parents & carers
  • An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more
  • Flexible leave options that empower you to be a force for good, take time to recharge and support you personally

Work Arrangement

Hybrid

Team

Structure: Detection & Response (D&R) organisation

Additional Information

  • We make hiring decisions based on your experience, skills and passion, as well as how you can enhance Canva and our culture. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process. Please note that interviews are conducted virtually.
About company
Canva
Canva is a design platform that empowers the world to design, serving millions of users globally with tools that simplify and democratize design.
Job Details
Category security
Posted 5 months ago