Senior Security Engineer
The Company You’ll Join
Carta is a platform that helps people manage equity, build businesses, and invest in the companies of tomorrow. Our mission is to create more owners.
Carta is trusted by more than 30,000 companies and over half a million employees in nearly 150 countries to manage cap tables, compensation, and valuations. Carta also supports over 5,000 funds representing over $100B in assets under administration with their venture capital solutions. Carta’s liquidity solutions have returned $13B to shareholders in secondary transactions. Today Carta’s platform manages over two trillion dollars in equity for nearly two million people globally. Companies and funds like Canva, Tribe, and Pipe build their businesses on Carta.
The company has been included on the Forbes World’s Best Cloud Companies, Fast Company's Most Innovative list, and Inc.’s Fastest-Growing Private Companies. We’ve also been recognized as a 2023 Built In Best Place to Work in the U.S. and a Muse VIBE Award winner in the Vacation and Time Off category.
For more information about our offices and culture, check out our Carta careers page.
The Team You’ll Work With
You’ll be joining our Security Operation team as a Senior Security Engineer.
This role is within the Security Engineering Organization. You will gather logs & telemetry from many sources, identify risks, create automations to boost efficiency, as well as investigate and remediate threats. To complete this mission, we need people who are passionate about detection, response, automation, and monitoring - willing to go the extra mile to find the needle in the haystack. We believe in creating teams (not rockstars), progress (not immediate perfection), and fostering a creative environment for research. We measure success not by how many bugs you find or tasks you complete, but by how much risk you reduce in the organization and how you work to improve the security of those around you.
We get to work in an environment that uses infrastructure-as-code, Kubernetes, role-based access, with engineers who care about the integrity and security of our data. When things go bump in the night (or during the day!), you’ll be there to help guide the business to a safer path. You’ll help craft the next generation of Carta’s security operations programs, working with our team to help secure the future of our business. Your work will span across technologies, stacks, and languages, and you’ll help ensure a safe and secure workplace for all Cartans.
The Problems You’ll Solve
Some of the problems you’ll help us solve are:
- How do we enable automated security practices (vulnerability management, detection & response, etc.) without interrupting business processes?
- How do we maintain situational awareness across multiple cloud infrastructures, corporate environments, and data sensitivity levels, all in a growing environment?
- How do we incorporate threat intelligence into proactive defense in an automated and reliable fashion?
- How do we preserve a high level of customer privacy while also establishing an effective response posture?
- Strong knowledge of cloud services and infrastructure (e.g., Google Cloud, GSuite, AWS, Okta) with experience in associated automation tools (Terraform, GAM).
- Proficient in attack models, notably MITRE’s ATT&CK framework, and their defensive applications in enterprise settings.
- Minimum of 8-10 years hands-on experience in security operations, emphasizing detection, response, identity/access, auditing, alerting, automation, orchestration, and threat hunting.
- Demonstrable experience with incident response practices, including creating rapid response automations to expedite incident remediation.
- Ability to identify security visibility gaps and collaborate with engineering teams to ensure comprehensive log/signal availability and data normalization across diverse sources.
- Skilled in:
- Administering SIEM solutions (SnowFlake, DataDog, Splunk, etc).
- Security automation development, preferably in Python or with a SOAR platform.
- Establishing and maintaining logging pipelines, parsing logs, and creating monitoring alerts/detections.
- Implementing endpoint state attestation tools.
- Superior written communication skills adaptable to varied audiences.
Role locations: NYC, SF, Santa Clara, or Seattle.
*Open to candidates with diverse technical backgrounds, including SRE and other complementary experiences, not exclusively security-focused.
At Carta, you’re not just an employee. You’re a builder who is creating infrastructure that accelerates innovation and empowers more ownership. Cartans are helpful, relentless, unconventional and kind; representing Carta’s Identity Traits. They work collaboratively and cross functionally to challenge the status quo; working towards a common goal of creating more owners in the private markets.
Carta’s compensation package includes a market competitive salary, equity for all full time roles, exceptional benefits, and, for applicable roles, commissions plans. Our minimum cash compensation (salary + commission if applicable) range for this role is:
- $229,500 - $270,000 in San Francisco, CA; Santa Clara, CA; or New York City, NY
- $206,550 - $243,000 in Seattle, WA
Final offers may vary from the amount listed based on geography, candidate experience and expertise, and other factors.