Filtr uses AI to scan 1000+ jobs and finds postings that perfectly matches your resume

Carta needs to design and evolve its product security program to address security vulnerabilities in its software and infrastructure, ensuring private markets operate more securely and efficiently, similar to public markets.

Requirements

• 5+ years of experience in product or application security with demonstrable expertise in secure software development and infrastructure security.
• Deep understanding of threat modeling, risk management, and vulnerability assessment methodologies.
• Experience with secure API development, microservices security, and addressing emerging infrastructure security challenges.
• Proficiency in multiple programming languages (e.g., Python, Django, Java, JavaScript) and familiarity with secure coding practices and frameworks such as OWASP SAMM.
• Hands-on experience with security tools and experience integrating automated security testing into CI/CD pipelines.
• Familiarity with cloud security best practices and container security technologies.
• Proven experience managing bug bounty programs and working with platforms such as Bugcrowd.

Responsibilities

• Define and drive the product security best practices across product teams.
• Perform threat modeling exercises for new and existing products to identify potential security vulnerabilities.
• Integrate security best practices into the Software Development Lifecycle (SDLC) and infrastructure design.
• Perform comprehensive security testing, including code reviews, penetration testing, fuzz testing, and the development of automated security tools.
• Manage and enhance our bug bounty programs and third-party security testing initiatives, engaging with platforms such as Bugcrowd.
• Assess and improve the security posture of supporting infrastructure and third-party integrations.
• Participate in security incident response efforts, conduct root cause analyses, and coordinate remediation across teams in partnership with Security operations.

Other

• Mentor and guide junior security engineers and cross-functional teams on secure development practices.
• Evaluate vulnerability reports from external researchers, prioritize remediation efforts, and clearly communicate findings to relevant stakeholders.
• Support compliance efforts to align with industry standards and regulations (e.g., SOC2, GLBA, etc) while driving continuous improvement in security processes and policies.
• Stay current with emerging security trends and technologies, integrating them into our security framework as appropriate.
• Excellent leadership, communication, and collaboration skills, with the ability to work effectively across diverse teams.