Carta
Senior Software Engineer, Product Security
Join to apply for the
Senior Software Engineer, Product Security
role at
Carta Senior Software Engineer, Product Security
1 week ago Be among the first 25 applicants Join to apply for the
Senior Software Engineer, Product Security
role at
Carta The Company You’ll Join
Carta connects founders, investors, and limited partners through world-class software, purpose-built for everyone in venture capital, private equity and private credit. Trusted by 65,000+ companies in 160+ countries, Carta’s platform of software and services lays the groundwork so you can build, invest, and scale with confidence.
Carta’s Fund Administration platform supports 9,000+ funds and SPVs, representing nearly $185B in assets under management, with tools designed to enhance the strategic impact of fund CFOs. Recognized by Fortune, Forbes, Fast Company, Inc. and Great Places to Work, Carta is shaping the future of private market infrastructure.
Together, Carta is creating the end-to-end ERP platform for private markets. Traditional ERP solutions don’t work for Private Funds. Private capital markets need a comprehensive software solution to replace outdated spreadsheets and fragmented service providers. Carta’s software for the Office of the Fund CFO does just that - it’s a new category of software to make private markets look more like public markets - a connected ERP for private capital.
For more information about our offices and culture, check out our Carta careers page.
The Problems You’ll Solve
As a
Senior Software Engineer, Product Security
with the power to change the product, the pipeline, and our developers on-boarding, you’ll be able to help us design and evolve our product security program. We are the partners of product and infrastructure engineering and need curious minds to help us keep paving the way.
Some of the problems you’ll help us solve are:
Leadership & Strategy
Define and drive the product security best practices across product teams. Mentor and guide junior security engineers and cross-functional teams on secure development practices.
Threat Modeling
Perform threat modeling exercises for new and existing products to identify potential security vulnerabilities. Develop and implement effective mitigation strategies in collaboration with product and engineering teams.
Secure Development & Architecture
Integrate security best practices into the Software Development Lifecycle (SDLC) and infrastructure design. Work closely with development and operations teams to design security into products from inception through deployment.
Vulnerability Management
Perform comprehensive security testing, including code reviews, penetration testing, fuzz testing, and the development of automated security tools.
Bug Bounty Program Management
Manage and enhance our bug bounty programs and third-party security testing initiatives, engaging with platforms such as Bugcrowd. Evaluate vulnerability reports from external researchers, prioritize remediation efforts, and clearly communicate findings to relevant stakeholders.
Compliance & Continuous Improvement
Support compliance efforts to align with industry standards and regulations (e.g., SOC2, GLBA, etc) while driving continuous improvement in security processes and policies. Assess and improve the security posture of supporting infrastructure and third-party integrations. Stay current with emerging security trends and technologies, integrating them into our security framework as appropriate.
Collaboration With Secops
Participate in security incident response efforts, conduct root cause analyses, and coordinate remediation across teams in partnership with Security operations.
About You
Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field. 5+ years of experience in product or application security with demonstrable expertise in secure software development and infrastructure security. (Strong preference for candidates who have been a Software Engineer and/or have experience building software applications.) Deep understanding of threat modeling, risk management, and vulnerability assessment methodologies. Experience with secure API development, microservices security, and addressing emerging infrastructure security challenges. Proficiency in multiple programming languages (e.g., Python, Django, Java, JavaScript) and familiarity with secure coding practices and frameworks such as OWASP SAMM. Hands-on experience with security tools and experience integrating automated security testing into CI/CD pipelines. Excellent leadership, communication, and collaboration skills, with the ability to work effectively across diverse teams.
Nice To Haves
Familiarity with cloud security best practices and container security technologies. Proven experience managing bug bounty programs and working with platforms such as Bugcrowd. Demonstrated track record in leading security initiatives within fast-paced, innovative environments
Salary
Benefits
Carta’s compensation package includes a market competitive salary, equity for all full time roles, exceptional benefits, and, for applicable roles, commissions plans. Our minimum cash compensation (salary + commission if applicable) range for this role is:
$191,250 - $225,000 in San Francisco, CA; Santa Clara, CA
Final offers may vary from the amount listed based on geography, candidate experience and expertise, and other factors.
Disclosures
We are an equal opportunity employer and are committed to providing a positive interview experience for every candidate. If accommodations due to a disability or medical condition are needed, please connect with the talent partner via email. Carta uses E-Verify in the United States for employment authorization. See the E-Verify and Department of Justice websites for more details. For information on our data privacy policies, see Privacy, CA Candidate Privacy, and Brazil Transparency Report. Please note that all official communications from us will come from an @carta.com or @carta-external.com domain. Report any contact from unapproved domains to security@carta.com.
Seniority level
Seniority level Mid-Senior level Employment type
Employment type Full-time Job function
Job function Information Technology Industries Technology, Information and Internet and Financial Services Referrals increase your chances of interviewing at Carta by 2x Sign in to set job alerts for “Product Security Engineer” roles.
San Mateo, CA $100,000.00-$300,000.00 1 week ago Santa Clara, CA $89,000.00-$165,600.00 5 days ago Mountain View, CA $139,500.00-$202,100.00 1 week ago Sr. Product Security Infrastructure Engineer
San Mateo, CA $200,000.00-$300,000.00 2 weeks ago Product Security Engineer, Vehicle Software
Sr. Staff Product Security Engineer (PSIRT)
Principal Product Security Engineer (US Citizen)
Menlo Park, CA $147,000.00-$208,000.00 3 weeks ago Internship, Product Security Engineer, Vehicle Software (Winter/Spring 2026)
Product Security Engineer, Technical Lead
Menlo Park, CA $177,000.00-$251,000.00 2 weeks ago Mountain View, CA $150,000.00-$220,000.00 2 weeks ago Mountain View, CA $204,000.00-$259,000.00 1 week ago Santa Clara, CA $105,000.00-$227,000.00 6 days ago Full-Stack Engineer (L5), Identity & Security Experiences
Product Security Engineer, Technical Lead - Native
Palo Alto, CA $135,000.00-$200,000.00 1 year ago Offensive Security Engineer, Product Security
Foster City, CA $169,000.00-$230,000.00 2 weeks ago Senior Engineer - Product Security Testing
San Mateo, CA $155,000.00-$220,000.00 2 weeks ago Senior Security Engineer - Northwest region (San Jose, CA)
Mountain View, CA $150,000.00-$242,000.00 2 weeks ago Senior-Staff Software Engineer, Engineering Productivity
San Mateo, CA $130,000.00-$300,000.00 1 day ago San Mateo, CA $130,000.00-$280,000.00 4 days ago Embedded Security Engineer, Vehicle Software
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr
Join to apply for the
Senior Software Engineer, Product Security
role at
Carta Senior Software Engineer, Product Security
1 week ago Be among the first 25 applicants Join to apply for the
Senior Software Engineer, Product Security
role at
Carta The Company You’ll Join
Carta connects founders, investors, and limited partners through world-class software, purpose-built for everyone in venture capital, private equity and private credit. Trusted by 65,000+ companies in 160+ countries, Carta’s platform of software and services lays the groundwork so you can build, invest, and scale with confidence.
Carta’s Fund Administration platform supports 9,000+ funds and SPVs, representing nearly $185B in assets under management, with tools designed to enhance the strategic impact of fund CFOs. Recognized by Fortune, Forbes, Fast Company, Inc. and Great Places to Work, Carta is shaping the future of private market infrastructure.
Together, Carta is creating the end-to-end ERP platform for private markets. Traditional ERP solutions don’t work for Private Funds. Private capital markets need a comprehensive software solution to replace outdated spreadsheets and fragmented service providers. Carta’s software for the Office of the Fund CFO does just that - it’s a new category of software to make private markets look more like public markets - a connected ERP for private capital.
For more information about our offices and culture, check out our Carta careers page.
The Problems You’ll Solve
As a
Senior Software Engineer, Product Security
with the power to change the product, the pipeline, and our developers on-boarding, you’ll be able to help us design and evolve our product security program. We are the partners of product and infrastructure engineering and need curious minds to help us keep paving the way.
Some of the problems you’ll help us solve are:
Leadership & Strategy
Define and drive the product security best practices across product teams. Mentor and guide junior security engineers and cross-functional teams on secure development practices.
Threat Modeling
Perform threat modeling exercises for new and existing products to identify potential security vulnerabilities. Develop and implement effective mitigation strategies in collaboration with product and engineering teams.
Secure Development & Architecture
Integrate security best practices into the Software Development Lifecycle (SDLC) and infrastructure design. Work closely with development and operations teams to design security into products from inception through deployment.
Vulnerability Management
Perform comprehensive security testing, including code reviews, penetration testing, fuzz testing, and the development of automated security tools.
Bug Bounty Program Management
Manage and enhance our bug bounty programs and third-party security testing initiatives, engaging with platforms such as Bugcrowd. Evaluate vulnerability reports from external researchers, prioritize remediation efforts, and clearly communicate findings to relevant stakeholders.
Compliance & Continuous Improvement
Support compliance efforts to align with industry standards and regulations (e.g., SOC2, GLBA, etc) while driving continuous improvement in security processes and policies. Assess and improve the security posture of supporting infrastructure and third-party integrations. Stay current with emerging security trends and technologies, integrating them into our security framework as appropriate.
Collaboration With Secops
Participate in security incident response efforts, conduct root cause analyses, and coordinate remediation across teams in partnership with Security operations.
About You
Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field. 5+ years of experience in product or application security with demonstrable expertise in secure software development and infrastructure security. (Strong preference for candidates who have been a Software Engineer and/or have experience building software applications.) Deep understanding of threat modeling, risk management, and vulnerability assessment methodologies. Experience with secure API development, microservices security, and addressing emerging infrastructure security challenges. Proficiency in multiple programming languages (e.g., Python, Django, Java, JavaScript) and familiarity with secure coding practices and frameworks such as OWASP SAMM. Hands-on experience with security tools and experience integrating automated security testing into CI/CD pipelines. Excellent leadership, communication, and collaboration skills, with the ability to work effectively across diverse teams.
Nice To Haves
Familiarity with cloud security best practices and container security technologies. Proven experience managing bug bounty programs and working with platforms such as Bugcrowd. Demonstrated track record in leading security initiatives within fast-paced, innovative environments
Salary
Benefits
Carta’s compensation package includes a market competitive salary, equity for all full time roles, exceptional benefits, and, for applicable roles, commissions plans. Our minimum cash compensation (salary + commission if applicable) range for this role is:
$191,250 - $225,000 in San Francisco, CA; Santa Clara, CA
Final offers may vary from the amount listed based on geography, candidate experience and expertise, and other factors.
Disclosures
We are an equal opportunity employer and are committed to providing a positive interview experience for every candidate. If accommodations due to a disability or medical condition are needed, please connect with the talent partner via email. Carta uses E-Verify in the United States for employment authorization. See the E-Verify and Department of Justice websites for more details. For information on our data privacy policies, see Privacy, CA Candidate Privacy, and Brazil Transparency Report. Please note that all official communications from us will come from an @carta.com or @carta-external.com domain. Report any contact from unapproved domains to security@carta.com.
Seniority level
Seniority level Mid-Senior level Employment type
Employment type Full-time Job function
Job function Information Technology Industries Technology, Information and Internet and Financial Services Referrals increase your chances of interviewing at Carta by 2x Sign in to set job alerts for “Product Security Engineer” roles.
San Mateo, CA $100,000.00-$300,000.00 1 week ago Santa Clara, CA $89,000.00-$165,600.00 5 days ago Mountain View, CA $139,500.00-$202,100.00 1 week ago Sr. Product Security Infrastructure Engineer
San Mateo, CA $200,000.00-$300,000.00 2 weeks ago Product Security Engineer, Vehicle Software
Sr. Staff Product Security Engineer (PSIRT)
Principal Product Security Engineer (US Citizen)
Menlo Park, CA $147,000.00-$208,000.00 3 weeks ago Internship, Product Security Engineer, Vehicle Software (Winter/Spring 2026)
Product Security Engineer, Technical Lead
Menlo Park, CA $177,000.00-$251,000.00 2 weeks ago Mountain View, CA $150,000.00-$220,000.00 2 weeks ago Mountain View, CA $204,000.00-$259,000.00 1 week ago Santa Clara, CA $105,000.00-$227,000.00 6 days ago Full-Stack Engineer (L5), Identity & Security Experiences
Product Security Engineer, Technical Lead - Native
Palo Alto, CA $135,000.00-$200,000.00 1 year ago Offensive Security Engineer, Product Security
Foster City, CA $169,000.00-$230,000.00 2 weeks ago Senior Engineer - Product Security Testing
San Mateo, CA $155,000.00-$220,000.00 2 weeks ago Senior Security Engineer - Northwest region (San Jose, CA)
Mountain View, CA $150,000.00-$242,000.00 2 weeks ago Senior-Staff Software Engineer, Engineering Productivity
San Mateo, CA $130,000.00-$300,000.00 1 day ago San Mateo, CA $130,000.00-$280,000.00 4 days ago Embedded Security Engineer, Vehicle Software
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr