Senior Security Engineer II

The Company You’ll Join

Carta is a platform that helps people manage equity, build businesses, and invest in the companies of tomorrow. Our mission is to unlock the power of equity ownership for more people in more places.

Carta is trusted by more than 40,000 companies and over two million people in nearly 160 countries to manage cap tables, compensation, and valuations. Carta also supports nearly 7,000 funds and SPVs, and represents nearly $130B in assets under administration. Carta's tender offer solutions have returned $14B to shareholders in secondary transactions. Today, Carta’s platform manages nearly three trillion dollars in equity globally.

For more information about our offices and culture, check out our Carta careers page.

The Problems You'll Solve

At Carta, our employees set out on a mission to unlock the power of equity ownership for more people in more places. We believe that the problems we solve today unlock the opportunities of tomorrow. As a Senior Security Engineer II, you’ll help us solve problems that include:

• How do we enable automated security practices (vulnerability management, detection & response, etc.) without interrupting business processes?
• How do we maintain situational awareness across multiple cloud infrastructures, corporate environments, and data sensitivity levels, all in a growing environment?
• How do we incorporate threat intelligence into proactive defense in an automated and reliable fashion?
• How do we preserve a high level of customer privacy while also establishing an effective response posture?

The Team You'll Work With

You’ll be joining our Security Operation team as a Senior Security Engineer II.

This role is within the Security Engineering Organization. You will gather logs & telemetry from many sources, identify risks, create automations to boost efficiency, as well as investigate and remediate threats. To complete this mission, we need people who are passionate about detection, response, automation, and monitoring - willing to go the extra mile to find the needle in the haystack. We believe in creating teams (not rockstars), progress (not immediate perfection), and fostering a creative environment for research. We measure success not by how many bugs you find or tasks you complete, but by how much risk you reduce in the organization and how you work to improve the security of those around you.

We get to work in an environment that uses infrastructure-as-code, Kubernetes, role-based access, with engineers who care about the integrity and security of our data. When things go bump in the night (or during the day!), you’ll be there to help guide the business to a safer path. You’ll help craft the next generation of Carta’s security operations programs, working with our team to help secure the future of our business. Your work will span across technologies, stacks, and languages, and you’ll help ensure a safe and secure workplace for all Cartans.

About You

• Strong knowledge of cloud services and infrastructure (e.g., Google Cloud, GSuite, AWS, Okta) with experience in associated automation tools (Terraform, GAM).
• Proficient in attack models, notably MITRE’s ATT&CK framework, and their defensive applications in enterprise settings.
• Minimum of 8-10 years hands-on experience in security operations, emphasizing detection, response, identity/access, auditing, alerting, automation, orchestration, and threat hunting.
• Demonstrable experience with incident response practices, including creating rapid response automations to expedite incident remediation.
• Ability to identify security visibility gaps and collaborate with engineering teams to ensure comprehensive log/signal availability and data normalization across diverse sources.
• Skilled in:
• Administering SIEM solutions (SnowFlake, DataDog, Splunk, etc).
• Security automation development, preferably in Python or with a SOAR platform.
• Establishing and maintaining logging pipelines, parsing logs, and creating monitoring alerts/detections.
• Implementing endpoint state attestation tools.
• Superior written communication skills adaptable to varied audiences.

Role locations: NYC, SF, Santa Clara, Seattle. We are open to Remote hires in specific locations.

We are also open to candidates with diverse technical backgrounds, including SRE and other complementary experiences (not exclusively security-focused).

Salary

Carta’s compensation package includes a market competitive salary, equity for all full time roles, exceptional benefits, and, for applicable roles, commissions plans. Our minimum cash compensation (salary + commission if applicable) range for this role is:

• $229,500 - $270,000 in San Francisco, CA; Santa Clara, CA; or New York City, NY
• $218,025 - $256,500 in Seattle, WA

Final offers may vary from the amount listed based on geography, candidate experience and expertise, and other factors.

We are hiring for multiple levels and locations, so final offers may vary from the amounts listed based on geography, experience and expertise, and other factors.

We are an equal opportunity employer and are committed to providing a positive interview experience for every candidate. If accommodations due to a disability or medical condition are needed, please connect with the recruiter via email. As a company, we value fairness, helpfulness, transparency, leadership and build our teams around these values. Check out our careers page to get to know us better as you think about your next step at Carta.

Important Security Notice for Candidates

Our company has been targeted by individuals creating fake domains similar to ours to scam prospects and candidates. Please note that all official communications from us will come from an @carta.com domain. Be cautious of any requests for sensitive information or payments outside of our official channels. For more information about this type of scam, please review the guidelines provided by the Federal Trade Commission (FTC). If you encounter any suspicious activity, please report it immediately to [email protected].

Awards and Acknowledgements

Companies and funds like Tribe and Pipe build their businesses on Carta. The company has been included on the Forbes World’s Best Cloud Companies, Fast Company's Most Innovative list, and Inc.’s Fastest-Growing Private Companies. We’ve also been recognized as a 2023 Built In Best Place to Work in the U.S., a Muse VIBE Award winner in the Vacation and Time Off category and certified as a Great Place to Work.

Interested in data privacy? Check out our policies on Privacy and CA Candidate Privacy.