Security Engineering Manager - Vulnerability Management, Application Security

Join the team redefining how the world experiences design.

Hey, g'day, mabuhay, kia ora, 你好, hallo, vítejte!

Thanks for stopping by. We know job hunting can be a little time consuming and you're probably keen to find out what's on offer, so we'll get straight to the point.

Where and how you can work

Our flagship campus is in Sydney. We also have a campus in Melbourne and co-working spaces in Brisbane, Perth and Adelaide. But you have choice in where and how you work, we trust our Canvanauts to choose the balance that empowers them and their team to achieve their goals.

What you’d be doing in this role

As Canva scales change continues to be part of our DNA. But we like to think that's all part of the fun. So this will give you the flavour of the type of things you'll be working on when you start, but this will likely evolve.

At the moment, this role is focused on:

• Own the delivery of Application Security solutions for our large-scale, cloud-native and SaaS application stack, to enable Canva to understand its vulnerability landscape, and have remediation built into our development lifecycle.
• Support a security-first engineering culture by making the optimally secure solution the easiest one for software engineering teams to use 
• Drive technical decision making support to your team in a fast-paced, innovation-focused environment
• Foster a culture of communication, bridging the communication gap between teams, groups, and company leaders
• Invest in working with engineers on growth and development opportunities to help further their skillset and grow into new roles, with an ability to deliver relevant and timely feedback (positive & constructive) to help them to continuously improve and learn
• Be involved in hiring; build and grow high-performing and highly engaged teams of world-class engineers by attracting, interviewing, and selecting talent for your group
• Coordinate across various specialties and parts of the business to understand the impact and feasibility of strategic goals within the group, and how that impacts your own roadmap.
• Drive delivery of large, cross team and cross group initiatives and projects from ideation to completion.

You're probably a match if

• You’ve led engineering or security teams and love growing people from all levels, while scaling systems.
• You’re a technical hands on leader (with previous experience as a Software or Security engineer), who is comfortable getting into the thick of it when needed using software engineering fundamentals and security first principles to guide technical decision making
• Previous experience in cloud-based environments (AWS, Google Cloud, Azure) with a working knowledge of broad infrastructure functions - CI/CD pipelines, automation, site reliability etc.
• You bring deep understanding of vulnerability management practices — across infrastructure, application security, and cloud environments.
• You’re comfortable working with ambiguity, designing programs, and influencing beyond your immediate team.
• You can communicate clearly with technical and non-technical audiences and love turning complex problems into simple, effective solutions.
• Experience making careful engineering tradeoffs, particularly around "Build vs Buy", evaluating potential third party systems to partner with, and managing and working with vendors to meet Canva's business needs
• Strong customer focus to understand the use cases and requirements of internal stakeholders, and identify opportunities to empower them to do their best work

While not required, you’ll have an edge if you bring:

• Subject-matter expertise of Amazon Web Services and associated technologies and products within the AWS ecosystem
• Previous experience leading teams to scale security solutions through automation, continuously reducing the tax that security requirements can impose on software development and operations
• Experience working on delivering vulnerability management at scale in a fast paced, rapid growth environment

About the role

As a Security Engineering Manager for the Vulnerability Management team, you’ll lead a team dedicated to identifying, assessing, and automating the resolution of security vulnerabilities across Canva’s global ecosystem. Your mission is to empower engineers with the tools and context they need to make secure decisions by default—making the secure path the easiest path. We need to be able to ship robust and secure features without sacrificing speed and scale of delivery.

Our Vulnerability Management team takes a strategic, build-versus-buy approach to deliver robust capabilities that offer visibility, early detection, and actionable insights. We're focused on reducing toil, abstracting away complexity, and driving remediation at scale—so product teams can focus on building, not fixing. You'll guide engineers as they develop and scale security solutions, navigate complex problem spaces, and balance security rigor with Canva's pace of innovation.

About the Security Group

The Security Group’s mission is to protect our community, people, and company from online threats by making the most secure actions simple. Our teams work together, and with other groups, to deliver preventive and detective controls and processes that reduce security risk. The group runs programs across Identity and Access Management, Application Security, Risk Management, and Threat Detection and Response domains.  Within this group, the Vulnerability Management team ensures we’re proactively identifying and reducing risk across Canva’s systems and codebase. We partner deeply with product teams and platform engineers — building shared tooling, defining scalable processes, and helping Canva grow securely.

What's in it for you?

Achieving our crazy big goals motivates us to work hard - and we do - but you'll experience lots of moments of magic, connectivity and fun woven throughout life at Canva, too. We also offer a range of benefits to set you up for every success in and outside of work.

Here's a taste of what's on offer:

• Equity packages - we want our success to be yours too
• Inclusive parental leave policy that supports all parents & carers
• An annual Vibe & Thrive allowance to support your wellbeing, social connection, office setup & more
• Flexible leave options that empower you to be a force for good, take time to recharge and supports you personally

Check out lifeatcanva.com for more info.

Other stuff to know

We make hiring decisions based on your experience, skills and passion, as well as how you can enhance Canva and our culture. When you apply, please tell us the pronouns you use and any reasonable adjustments you may need during the interview process.

We celebrate all types of skills and backgrounds at Canva so even if you don’t feel like your skills quite match what’s listed above - we still want to hear from you!

Please note that interviews are conducted virtually.