[Hiring] Principal Security Engineer, Infrastructure Security @Upstart

Role Description

As the Principal Security Engineer at Upstart, you will define and drive the technical strategy for securing Upstart’s production infrastructure and developer platforms. You will lead cross-functional and cross-organizational efforts to reduce systemic infrastructure risk, influence architecture and engineering roadmaps, and build durable security controls that scale across teams. This role is well suited for a senior technical leader who brings deep infrastructure security expertise, strong engineering judgment, and the ability to translate complex security risks into practical, high-impact improvements for the business.

• Define and drive Upstart’s infrastructure security strategy, aligning secure-by-default principles with business priorities, regulatory expectations, and Upstart’s cloud-native engineering roadmap.
• Own the security roadmap for cloud, platform, compute, and deployment environments, partnering with infrastructure, platform, SRE, and product engineering leaders to reduce risk across multiple organizations.
• Lead security architecture reviews for critical infrastructure initiatives, influencing technical decisions in areas such as cloud IAM, Kubernetes, container security, network segmentation, secrets management, CI/CD, and infrastructure-as-code.
• Identify and reduce systemic infrastructure security risks by designing durable preventative controls, guardrails, and automation that improve security outcomes across engineering teams.
• Establish standards and patterns for production access, service identity, workload trust, infrastructure hardening, vulnerability management, and secure operational practices.
• Partner with engineering teams to improve the security of AI-assisted developer workflows and GenAI-enabled systems, including agentic tooling, coding assistants, and internal AI integrations that interact with production or sensitive environments.
• Serve as a senior technical authority during high-severity security or production incidents, driving root cause analysis, risk-based prioritization, and long-term architectural improvements.
• Elevate infrastructure security maturity across Upstart by mentoring engineers, influencing senior stakeholders through clear risk communication, and helping teams build secure systems with less friction.

Qualifications

• 8+ years of experience in security engineering, infrastructure engineering, software engineering, or a related technical role.
• 4+ years of experience focused on infrastructure, cloud, platform, or production security.
• Experience securing cloud-native infrastructure in AWS or a similar cloud environment.
• Experience with multiple infrastructure security domains, such as cloud IAM, Kubernetes or container security, network security, secrets management, infrastructure-as-code, CI/CD security, production access, or vulnerability management.
• Experience writing code or automation in Python, Go, Java, Ruby, or a similar programming language.
• Experience leading security architecture reviews or technical risk assessments for complex production systems.
• Experience designing and implementing preventative security controls, guardrails, or platform-level security solutions used by multiple engineering teams.
• Experience leading cross-functional security initiatives with infrastructure, platform, SRE, product engineering, risk, compliance, or audit stakeholders.

Requirements

• 10+ years of experience spanning security engineering, infrastructure engineering, software engineering, or cloud platform engineering.
• Experience owning a security roadmap for a technical domain that spans multiple teams or organizations.
• Experience with Kubernetes security, service-to-service trust models, workload identity, runtime security, or cloud-native network controls.
• Experience improving cloud security posture management, hardening baselines, drift detection, or infrastructure vulnerability management programs.
• Experience building or scaling infrastructure security programs, including defining metrics, maturity models, and risk-based prioritization frameworks.
• Familiarity with security considerations for AI-assisted engineering workflows, including code generation, code review tooling, agentic automation, and sensitive data exposure risks.
• Experience partnering with Legal, Risk, Compliance, or Audit teams to operationalize security controls in a regulated environment.
• Security certifications such as AWS Security Specialty, GCP Professional Cloud Security Engineer, CISSP, CCSP, or equivalent practical expertise.

Benefits

• Competitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly.
• Retirement benefits to help you plan for the future, including a 401(k) or Group Retirement Savings Plan with a company match of $2 for every $1 contributed, up to $15,000 annually (USD in the US, CAD in Canada).
• Employee Stock Purchase Plan (ESPP) with discounted stock purchase options for eligible employees (US only).
• Comprehensive health coverage designed to support you and your family, including medical, dental, vision, and wellness resources for US and supplemental health coverage for Canada.
• Health Savings Account contributions from Upstart for eligible plans (US only).
• Income protection benefits, including life insurance and disability coverage for added financial security.
• Paid time off, sick leave, and company holidays, in line with local requirements.
• Paid family and parental leave to support caregiving and major life moments (duration varies by country).
• Family-centered benefits to support fertility, parenthood, and caregiving needs.
• Employee Assistance Program (EAP) offering mental health support and life-centered resources.
• Financial wellness resources, including access to financial planning tools and a financial concierge service (US Only).
• Annual wellness allowance to support your physical and emotional well-being and personal development, based on what matters most to you.
• Annual productivity allowance to invest in relevant tools and resources you need to do your best work, no matter where you work from.
• Connection and community through team events, all-company updates, and employee resource groups (ERGs).
• Onsite perks, including catered lunches and fully stocked micro-kitchens when working from one of our offices in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!).