Source Job

• Acting as a senior escalation point and incident coordinator for security incidents across Canva’s cloud, endpoint, and SaaS environments.
• Leading and actively participating in security incident response, from initial detection through investigation, containment, eradication, and recovery.
• Performing deep forensic analysis to determine scope, impact, and root cause, and translating technical findings into clear outcomes for stakeholders.

Canva is a design platform. They have campuses in Sydney and Melbourne and co-working spaces in Brisbane, Perth and Adelaide.

• Serve as trusted advisor as part of the security division’s leadership team, actively shaping the program direction.
• Build and mature incident response runbooks, procedures, and capabilities.
• Foster a defense first mindset through actionable incident retrospective mitigations to close defense gaps, making GitLab a hard target for attackers.

GitLab is the intelligent orchestration platform for DevSecOps. They enable organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. GitLab values a high-performance culture driven by values and continuous knowledge exchange.

• Leading incident response initiatives and conduct thorough cybersecurity investigations.
• Enhancing security program by refining processes and optimizing tooling.
• Designing and implementing advanced threat detection and mitigation strategies.

Docplanner empowers patients by giving them access to leave and read reviews about their visits and provides doctors with technology to manage bookings easily and save time. They employ over 2,500 people globally and have a startup-mindset.

• Build and operationalize a fintech-grade SOC function
• Own incident response end-to-end
• Build and scale the SecOps team

OpenFX processes billions of dollars in transaction volume every month across global corridors. Their backend systems power pricing, routing, settlement, reconciliation, compliance, and risk.

• Collaborating with Security Operations Center (SOC) team members to monitor, detect, and respond to cybersecurity threats in a timely manner.
• Responding to cybersecurity incidents from identification through resolution.
• Developing and maintaining up-to-date knowledge of the threat landscape, as well as advancements in cybersecurity technologies and methodologies.

Calendly's product helps connect millions of people. They are in the midst of exciting product growth and offer opportunities to learn and grow alongside top professionals.

• You will review, challenge, and strengthen our systems, act as the security authority within engineering, define guardrails, and drive remediation when risks arise.
• Operating independently, you’ll build the structure and standards needed as we scale.
• Your mission is to own the company wide security strategy and architecture, ensure CIRO and SOC 2 alignment, and embed strong security practices across infrastructure, applications, and internal systems, while enabling engineering velocity.

Newton is changing how Canadians trade crypto, with the goal to make financial freedom something everyone can achieve by giving customers the tools and knowledge they need to navigate the crypto world. At Newton, you'll work with a remote team spread across Canada.

• Own detection, response, and cloud security at PostHog.
• Take the reins of our security operations, build out our detection pipelines, and ensure that when something goes bump in the night, we have the observability to know exactly what happened.
• Shape the security team, culture and tooling for a high-growth, open-source company.

PostHog is shipping every product that companies need to run their business from their first day, to the day they IPO, and beyond. They are the operating system for folks who build software. They've raised more than $100m from some of the world's top investors and are set up for a long, ambitious journey.

• Lead a high-performing team of Detection & Response engineers.
• Continuously innovate and enhance detection strategies and quality controls.
• Foster a culture of experimentation, quality, and continuous improvement within the team.

Jobgether's AI-powered matching process ensures applications are reviewed quickly, objectively, and fairly against the role's core requirements. Their system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company.

• Define the security operations roadmap by designing and implementing long term strategies.
• Improve and maintain processes, tooling, documentation, and training to mature and enhance cybersecurity incident response.
• Design, implement, and maintain security events monitoring systems.

Docplanner Tech is a diverse group of over 400 people working in Engineering, Data, and Product teams, responsible for building the product for all locations. They are leaders in 13 countries, with over 2,500 employees globally, and are backed by leading venture capital funds such as Point Nine Capital and Goldman Sachs Asset Management.

• Build proactive security automation aimed at decreasing manual remediation work.
• Research new and novel ways to accomplish security work and publish your findings on our blog.
• Participate in a monthly security on-call rotation for critical escalations.

Automox is a cloud-native IT operations platform that helps modern organizations keep every endpoint automatically configured, patched, and secured – anywhere in the world. They are trusted by more than 2,500 leading companies and MSPs worldwide and value a ‘one team’ mentality where everyone’s unique skills contribute to an environment that encourages collaboration and ownership.

• Lead Application Security testing projects and drive remediation of identified vulnerabilities.
• Design and run adversarial testing campaigns across the full Buildkite environment.
• Build automation for both AppSec and adversarial testing workflows.

Buildkite's mission is to unblock every developer on the planet with their CI/CD platform. They are a remote-first company since 2013 with a small team, high standards, and real ownership distributed across 60+ cities, built around async communication and genuine autonomy.

• Support and execute security incident response activities.
• Operate and improve enterprise security controls and tooling.
• Coordinate security investigations with DevOps, IT, and Engineering teams.

Keeper Security transforms cybersecurity for organizations around the world with next-generation privileged access management. Keeper’s zero-trust and zero-knowledge cybersecurity solutions are FedRAMP and GovRAMP Authorized, FIPS 140-2 validated, as well as SOC 2 and ISO 27001 certified.

• Own application, cloud, infrastructure, and data security across Cherry
• Be hands-on: design systems, review code and architecture, and contribute directly where needed
• Lead incident response, threat modeling, and security reviews

Cherry is a profitable, high-growth fintech ($500M+ revenue, ~3x YoY) building the financial infrastructure for healthcare providers. Security is core to our product, not a support function. They are looking for strong leaders that will help them scale Cherry to be the go-to financial partner for every doctor in the country.

• Own the strategy and maturity roadmap for corporate monitoring, detection engineering, and operational security metrics.
• Lead and develop Corporate Security Operations Analysts and the Corporate Threat Hunter & Detection Analyst.
• Continuously improve alert quality, detection coverage, triage workflows, and operational automation.

Onebrief provides collaboration and AI-powered workflow software designed specifically for military staffs, making the staff faster, smarter, and more efficient. Valued at $2.15B, the company's team spans veterans from all forces and global organizations, and technologists from leading-edge software companies.

• Drive and enable proactive identification, analysis, and remediation of security vulnerabilities.
• Respond to manage pen testing and bug bounty programs.
• Work in partnership with Software Architecture, Risk/Compliance, the SRE team, and other partners, to integrate security capabilities into the SDLC.

Subsplash builds The Ultimate Engagement Platform™ for churches, Christian ministries, non-profits, and businesses around the world. They are a family-owned and operated company of 290+ mission-driven people.

• Own a portfolio of security programs (planning, resourcing, milestones, dependencies, risk/issue management, and outcomes).
• Create and maintain multi-quarter roadmaps aligned to Keyrock’s business and operating model across venues and services (CEX/DEX and liquidity services).
• Establish governance and operating cadence: steering meetings, status reporting, program reviews, and executive updates.

Keyrock is a leading change-maker in the digital asset space, renowned for its partnerships and innovation. They have over 200 team members around the world with a diverse team hailing from 42 nationalities, with backgrounds ranging from DeFi natives to PhDs.

• Own the technical design and review process for security-critical systems.
• Maintain mastery of technical security domains to solve complex business challenges.
• Create and implement advanced tools and automation to increase security monitoring.

Garner Health aims to transform the healthcare economy, delivering high-quality and affordable care for all. They partner with employers to redesign healthcare benefits using clear incentives and data-driven insights. Garner Health is one of the fastest-growing healthcare technology companies.

• Lead secure design reviews, threat modeling, and security-focused code reviews across the product and platform.
• Build and run Fieldguide’s vulnerability management program: scanning, triage, SLA-driven remediation tracking, and engineering coordination.
• Partner with Compliance to ensure technical controls satisfy framework requirements (SOC 2, ISO 27001, ISO 42001, FedRAMP).

Fieldguide is establishing a new state of trust for global commerce and capital markets through automating and streamlining the work of assurance and audit practitioners. They are based in San Francisco, CA, and built as a remote-first company that enables you to do your best work from anywhere.

• Keeps the lights on, data safe, and people moving fast.
• Jumping into real incidents, guiding security decisions, and helping teams build securely from the start.
• Contributing to reviews of business solutions, risk identification and secure‑by‑design practices.

Contact Energy is a power, mobile, and broadband company that is transforming how Aotearoa is powered, leading the charge on renewable energy and digitising customer journeys. They are a team of 1000+ from all walks of life. They value caring for each other, learning from one another, and being guided by their tikanga.

• Supporting investigations, day‑to‑day operations, and the uplift of our security posture.
• Jumping into real incidents, guiding security decisions, and helping teams build securely from the start.
• Unpicking a phishing campaign and advising on a new solution or progressing vulnerability management.

Contact Energy believes home is the most important place in the world. They're a team that’s reimagining how Aotearoa is powered and how customers experience energy. Contact is guided by their tikanga and they touch lives to make life better.