Staff Security Engineer
Palo Alto, California, United States
The Company You’ll Join
At Carta we create owners and make private markets liquid.
We live in a world where some people live on the equity stack and enjoy exponential wealth growth and preferential tax treatment; others live on the debt stack and may work their entire lives for a company and retire only with the cash they’ve managed to save from their paychecks. Our contribution to solving the wealth inequality problem is moving people from the debt stack (payroll) to the equity stack. By making it as easy to issue equity to employees as it is to put them on payroll, we can create more owners.
At Carta, we are helpful, transparent, fair, and kind. We are relentless executors, unconventional thinkers, and masters of our craft.
The Team You’ll Work With
This role is on the Security Platform team within Security. You will be working with the team to take on projects which gather results from many sources, automatically build security into our product, and enable teams to secure themselves. Our risk models put teams in charge of owning risk, making us a trusted partner and reporter. To complete this mission we need people who are passionate about automation and security - half devops and half security professional. We believe in creating teams not rockstars, progress with a path to perfection, and creating an environment that fosters research. We measure success not by how many bugs you find or tasks you complete, but by how much risk you reduce in the organization by enabling teams to do those things and automating the rest.
We get to work in an environment that uses infrastructure-as-code, Kubernetes, role-based access, and with engineers who care about the integrity and security of our data.
The Problems You’ll Solve
Some of the problems you’ll help us solve are:
- How do you build a program that ties application security, container security, and cloud security together instead of treating them as separate specialities?
- How do we change the application framework to make security the easiest path?
- What techniques and games will enable development teams to threat model their products?
- What tools and information can we provide to ensure developers can effectively peer review code themselves?
- How do you encourage developers to continuously think about security using gamification and giving them results where they live - in the pipeline?
The Impact You’ll Have
With the power to change the product, the pipeline, and our developers on-boarding, you’ll be able to not only help us continue our security ownership program, you’ll also have the chance to build something new using your research. We are becoming the partner of engineering releasing quality software and we need curious minds to help us keep paving the way.
Roll-up-your sleeves, “swiss army knife” individual who is able to:
- Find non-standard ways to solve interesting problems
- Speak to risks around application, container, or cloud security vulnerabilities, remediations, and preventions
- Understand Threat Modeling and general software development practices, the associated risks, and the components of a modern product security program
- Work with cloud networking (e.g. AWS VPC, subnetting, etc)
- Secure products built using containerization (specifically, Docker and Kubernetes)
Carta is a Series F company and is backed by top-tier VCs like Andreessen Horowitz, Lightspeed Venture Partners, Meritech Capital, and more.
We are an equal opportunity employer and are committed to providing a positive interview experience for every candidate. If accommodations due to a disability or medical condition are needed, connect with us via email at firstname.lastname@example.org. As a company, we value fairness, helpfulness, transparency, leadership and build our teams around these values. Check out our careers page to get to know us better as you think about your next step at Carta.