The Team You’ll Work With
You’ll be joining our Security Operation team as a Senior Security Engineer.
This role is within the Security Engineering Organization. You will gather logs & telemetry from many sources, identify risks, create automations to boost efficiency, as well as investigate and remediate threats. To complete this mission, we need people who are passionate about detection, response, automation, and monitoring - willing to go the extra mile to find the needle in the haystack. We believe in creating teams (not rockstars), progress (not immediate perfection), and fostering a creative environment for research. We measure success not by how many bugs you find or tasks you complete, but by how much risk you reduce in the organization and how you work to improve the security of those around you.
We get to work in an environment that uses infrastructure-as-code, Kubernetes, role-based access, with engineers who care about the integrity and security of our data. When things go bump in the night (or during the day!), you’ll be there to help guide the business to a safer path. You’ll help craft the next generation of Carta’s security operations programs, working with our team to help secure the future of our business. Your work will span across technologies, stacks, and languages, and you’ll help ensure a safe and secure workplace for all Cartans.
The Problems You’ll Solve
Some of the problems you’ll help us solve are:
- How do we enable automated security practices (vulnerability management, detection & response, etc.) without interrupting business processes?
- How do we maintain situational awareness across multiple cloud infrastructures, corporate environments, and data sensitivity levels, all in a growing environment?
- How do we incorporate threat intelligence into proactive defense in an automated and reliable fashion?
- How do we preserve a high level of customer privacy while also establishing an effective response posture?
- Strong knowledge of cloud services and infrastructure (e.g., Google Cloud, GSuite, AWS, Okta) with experience in associated automation tools (Terraform, GAM).
- Proficient in attack models, notably MITRE’s ATT&CK framework, and their defensive applications in enterprise settings.
- Minimum of 8-10 years hands-on experience in security operations, emphasizing detection, response, identity/access, auditing, alerting, automation, orchestration, and threat hunting.
- Demonstrable experience with incident response practices, including creating rapid response automations to expedite incident remediation.
- Ability to identify security visibility gaps and collaborate with engineering teams to ensure comprehensive log/signal availability and data normalization across diverse sources.
- Skilled in:
- Administering SIEM solutions (SnowFlake, DataDog, Splunk, etc).
- Security automation development, preferably in Python or with a SOAR platform.
- Establishing and maintaining logging pipelines, parsing logs, and creating monitoring alerts/detections.
- Implementing endpoint state attestation tools.
- Superior written communication skills adaptable to varied audiences.
Role locations: NYC, SF, Santa Clara, or Seattle.
*Open to candidates with diverse technical backgrounds, including SRE and other complementary experiences, not exclusively security-focused.
At Carta, you’re not just an employee. You’re a builder who is creating infrastructure that accelerates innovation and empowers more ownership. Cartans are helpful, relentless, unconventional and kind; representing Carta’s Identity Traits. They work collaboratively and cross functionally to challenge the status quo; working towards a common goal of creating more owners in the private markets.
Carta’s compensation package includes a market competitive salary, equity for all full time roles, exceptional benefits, and, for applicable roles, commissions plans. Our minimum cash compensation (salary + commission if applicable) range for this role is:
- $229,500 - $270,000 in San Francisco, CA; Santa Clara, CA; or New York City, NY
- $206,550 - $243,000 in Seattle, WA
Final offers may vary from the amount listed based on geography, candidate experience and expertise, and other factors.
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided