Security Compliance Engineer

HQ - San Francisco, CA

About Cartesia


Our mission is to build the next generation of AI: ubiquitous, interactive intelligence that runs wherever you are. Today, not even the best models can continuously process and reason over a year-long stream of audio, video and text—1B text tokens, 10B audio tokens and 1T video tokens—let alone do this on-device.

We're pioneering the model architectures that will make this possible. Our founding team met as PhDs at the Stanford AI Lab, where we invented State Space Models, or SSMs, a new primitive for training efficient, large-scale foundation models. Our team combines deep expertise in model innovation and systems engineering paired with a design-minded product engineering team to build and ship cutting-edge models and experiences.

We're funded by leading investors at Index Ventures and Lightspeed Venture Partners, along with Factory, Conviction, A Star, General Catalyst, SV Angel, Databricks and others. We're fortunate to have the support of many amazing advisors, and 90+ angels across many industries, including the world's foremost experts in AI.

Role Responsibilities

We are seeking a Security Compliance Engineer with DevOps and Cloud experience to enhance our engineering team. This role combines security, compliance, and DevSecOps to ensure our infrastructure is secure, compliant, and efficiently managed. As a key member of the Information Security group, you will maintain and enhance our established compliance programs while driving security excellence across our engineering organization. This role combines hands-on technical and deep compliance expertise to ensure continued customer trust as we scale.

Key Responsibilities

  • Design, implement, and work with other engineering teams to operate security tools and programs across the organization including access control & workflows, vulnerability management, and detection/response systems.

  • Implement and configure security tools, and quickly learn new security technologies in cloud infrastructure and product security.

  • Maintain SOC 2 Type II, HIPAA, GDPR, ISO 27001, and PCI DSS compliance programs including annual audits and remediation

  • Partner with business operations team to conduct security assessments of vendors and complete customer security questionnaires

  • Build and maintain security policies, procedures, and incident response protocols

  • Lead cross-functional security initiatives including access management, vulnerability remediation, and security training

  • Create dashboards and reports to track security metrics and compliance status

What You'll Bring

  • 4+ years of hands-on security and compliance experience at B2B SaaS companies

  • Proven track record collaborating with engineering teams on security architecture and controls

  • Exceptional communication skills for both technical and business stakeholders

  • Track record of building or maintaining compliance programs from the ground up

  • Ability to execute in fast-paced startup environments

Nice-to-Haves

  • Early-stage startup experience (Series A-C preferred)

  • Security certifications (CISSP, CISA, or equivalent)

  • Experience with GRC tools (Vanta, Drata, OneTrust)

  • Knowledge of cloud security (AWS, GCP, Azure)

  • Understanding of DevSecOps practices and security automation

Our culture

🏢 We’re an in-person team based out of San Francisco. We love being in the office, hanging out together and learning from each other every day.

🚢 We ship fast. All of our work is novel and cutting edge, and execution speed is paramount. We have a high bar, and we don’t sacrifice quality and design along the way.

🤝 We support each other. We have an open and inclusive culture that’s focused on giving everyone the resources they need to succeed.

Our perks

🍽 Lunch, dinner and snacks at the office.

🏥 Fully covered medical, dental, and vision insurance for employees.

🏦 401(k).

✈️ Relocation and immigration support.

🦖 Your own personal Yoshi.

Tags: Audits Automation AWS Azure C CISA CISSP Cloud Compliance Databricks DevOps DevSecOps GCP GDPR HIPAA Incident response ISO 27001 PCI DSS Product security SaaS Security assessment SOC SOC 2 Vulnerability management

Perks/benefits: Health care Relocation support Startup environment

Region: North America
Country: United States
