Senior Application Security Engineer

Job Description

Carta is seeking a Senior Application Security Engineer to enhance its product security program. The successful candidate will collaborate with product and infrastructure engineering teams to define and implement security best practices across the organization.Carta is building the end-to-end ERP platform for private markets.Responsibilities:

• Define and drive product security best practices across product teams.
• Mentor junior security engineers and cross-functional teams.
• Perform threat modeling exercises and develop mitigation strategies.
• Integrate security best practices into the SDLC and infrastructure design.
• Conduct security testing, including code reviews and penetration testing.
• Manage and enhance bug bounty programs.
• Support compliance efforts and drive continuous improvement in security processes.
• Participate in security incident response efforts.

Requirements:

• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field.
• 5+ years of experience in product or application security.
• Expertise in secure software development and infrastructure security.
• Deep understanding of threat modeling, risk management, and vulnerability assessment methodologies.
• Experience with secure API development and microservices security.
• Proficiency in multiple programming languages (e.g., Python, Django, Java, JavaScript).
• Hands-on experience with security tools and automated security testing.
• Excellent leadership, communication, and collaboration skills.

The role offers:

• Opportunity to change the product, the pipeline, and developer onboarding.
• Chance to design and evolve the product security program.
• Collaboration with product and infrastructure engineering teams.