Senior Security Analyst
Senior Security Analyst to shape detection and response capabilities, lead incidents, develop tools, and improve security posture.
At Carta, our employees set out on a mission to unlock the power of equity ownership for more people in more places.
As a Senior Security Analyst, you’ll directly shape and strengthen our detection and response capabilities, help mature our security operations, and ultimately protect the organization from evolving threats. You’ll play a critical role in leading incidents, developing internal tools and playbooks, and reducing response times through automation and continuous improvement. You’ll serve as a point-of-contact for incidents and collaborate with stakeholders to shape the future of Carta’s security posture.
Here are some problems we’d love for you to help us solve:
- Lead investigation and response efforts for security incidents, and coordinate with internal stakeholders and external partners when necessary.
- Own detection use-case development and write and tune alerts to improve signal-to-noise ratio across our environments.
- Maintain and continually improve security incident response plans, playbooks, and related documentation.
- Develop and maintain internal tooling and automations to improve analyst efficiency for alert triage, IOC enrichment, and evidence collection.
- Support compliance and audit needs (SOC 2, ISO, etc.) related to detection and monitoring controls.
- Elevate the Security team by coaching peers, raising the standard for detection quality and helping shape response maturity.
- Conduct threat hunting and utilize threat intelligence to proactively identify and mitigate emerging risks.
- Participate in on-call rotation and continuously improve readiness and handovers.
About You
We’re looking for candidates who have:
- Deep experience in triaging, investigating, and remediating security events and incidents across multiple technology stacks.
- Strong experience with SIEM, EDR, and other security tooling.
- Experience writing code or scripts (Python, bash, shell) to drive automation and efficiency.
- Solid understanding of detection engineering and threat modeling concepts, and a proven ability to apply them using MITRE ATT&CK or similar frameworks.
- Excellent judgement and the ability to handle ambiguity and make balanced decisions when working with complex situations.
- Proven ability to proactively collaborate with cross-functional teams to influence security priorities and guide risk-based decisions.
- Excellent written and verbal communication skills, including the ability to effectively communicate cybersecurity risk across technical and non-technical audiences.
- 4+ years of experience in incident management and response functions.