[Remote] Principal Security Engineer, Infrastructure Security
Note: This is a remote job open to candidates in the USA. Upstart is a leading AI lending marketplace focused on reducing the cost and complexity of borrowing for Americans. They are seeking a Principal Security Engineer to define and drive the technical strategy for securing Upstart's production infrastructure and developer platforms, collaborating with various teams to reduce risk and enhance security practices.
Responsibilities
- Define and drive Upstart’s infrastructure security strategy, aligning secure-by-default principles with business priorities, regulatory expectations, and Upstart’s cloud-native engineering roadmap
- Own the security roadmap for cloud, platform, compute, and deployment environments, partnering with infrastructure, platform, SRE, and product engineering leaders to reduce risk across multiple organizations
- Lead security architecture reviews for critical infrastructure initiatives, influencing technical decisions in areas such as cloud IAM, Kubernetes, container security, network segmentation, secrets management, CI/CD, and infrastructure-as-code
- Identify and reduce systemic infrastructure security risks by designing durable preventative controls, guardrails, and automation that improve security outcomes across engineering teams
- Establish standards and patterns for production access, service identity, workload trust, infrastructure hardening, vulnerability management, and secure operational practices
- Partner with engineering teams to improve the security of AI-assisted developer workflows and GenAI-enabled systems, including agentic tooling, coding assistants, and internal AI integrations that interact with production or sensitive environments
- Serve as a senior technical authority during high-severity security or production incidents, driving root cause analysis, risk-based prioritization, and long-term architectural improvements
- Elevate infrastructure security maturity across Upstart by mentoring engineers, influencing senior stakeholders through clear risk communication, and helping teams build secure systems with less friction
Skills
- 8+ years of experience in security engineering, infrastructure engineering, software engineering, or a related technical role
- 4+ years of experience focused on infrastructure, cloud, platform, or production security
- Experience securing cloud-native infrastructure in AWS or a similar cloud environment
- Experience with multiple infrastructure security domains, such as cloud IAM, Kubernetes or container security, network security, secrets management, infrastructure-as-code, CI/CD security, production access, or vulnerability management
- Experience writing code or automation in Python, Go, Java, Ruby, or a similar programming language
- Experience leading security architecture reviews or technical risk assessments for complex production systems
- Experience designing and implementing preventative security controls, guardrails, or platform-level security solutions used by multiple engineering teams
- Experience leading cross-functional security initiatives with infrastructure, platform, SRE, product engineering, risk, compliance, or audit stakeholders
- 10+ years of experience spanning security engineering, infrastructure engineering, software engineering, or cloud platform engineering
- Experience owning a security roadmap for a technical domain that spans multiple teams or organizations
- Experience with Kubernetes security, service-to-service trust models, workload identity, runtime security, or cloud-native network controls
- Experience improving cloud security posture management, hardening baselines, drift detection, or infrastructure vulnerability management programs
- Experience building or scaling infrastructure security programs, including defining metrics, maturity models, and risk-based prioritization frameworks
- Familiarity with security considerations for AI-assisted engineering workflows, including code generation, code review tooling, agentic automation, and sensitive data exposure risks
- Experience partnering with Legal, Risk, Compliance, or Audit teams to operationalize security controls in a regulated environment
- Security certifications such as AWS Security Specialty, GCP Professional Cloud Security Engineer, CISSP, CCSP, or equivalent practical expertise
Benefits
- Target bonuses
- Equity compensation
- Generous benefits packages (including medical, dental, vision, and 401k)
- Competitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly
- Retirement benefits to help you plan for the future, including a 401(k) or Group Retirement Savings Plan with a company match of $2 for every $1 contributed, up to $15,000 annually (USD in the US, CAD in Canada)
- Employee Stock Purchase Plan (ESPP) with discounted stock purchase options for eligible employees (US only)
- Comprehensive health coverage designed to support you and your family, including medical, dental, vision, and wellness resources for the US and supplemental health coverage for Canada
- Health Savings Account contributions from Upstart for eligible plans (US only)
- Income protection benefits, including life insurance and disability coverage for added financial security
- Paid time off, sick leave, and company holidays, in line with local requirements
- Paid family and parental leave to support caregiving and major life moments (duration varies by country)
- Family-centered benefits to support fertility, parenthood, and caregiving needs
- Employee Assistance Program (EAP) offering mental health support and life-centered resources
- Financial wellness resources, including access to financial planning tools and a financial concierge service (US only)
- Annual wellness allowance to support your physical and emotional well-being and personal development, based on what matters most to you
- Annual productivity allowance to invest in relevant tools and resources you need to do your best work, no matter where you work from
- Connection and community through team events, all-company updates, and employee resource groups (ERGs)
- Onsite perks, including catered lunches and fully stocked micro-kitchens when working from one of our offices in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!)
Company Overview