Principal Security Engineer

About Upstart

Upstart is the leading AI lending marketplace partnering with banks and credit unions to expand access to affordable credit. By leveraging Upstart's AI marketplace, Upstart-powered banks and credit unions can have higher approval rates and lower loss rates across races, ages, and genders, while simultaneously delivering the exceptional digital-first lending experience their customers demand. More than 80% of borrowers are approved instantly, with zero documentation to upload.

Upstart is a digital-first company, which means that most Upstarters live and work anywhere in the United States. However, we also have offices in San Mateo, California; Columbus, Ohio; and Austin, Texas.

Most Upstarters join us because they connect with our mission of enabling access to effortless credit based on true risk. If you are energized by the impact you can make at Upstart, we’d love to hear from you!

Upstart’s Security team is dedicated to advancing security practices that enhance the safety of our products, customers, and partners.  We believe that security should empower innovation, move at the speed of business, and be designed for safety from the ground up. Our mission is to protect Upstart’s products &  enterprise, and manage threats to Upstart. We achieve this  through automation, strong collaboration with partner teams, and a commitment to maintain a positive experience for Upstarters..As a Principal Security Engineer, you will play a pivotal role in shaping Upstart’s security strategy. You will architect, design, and influence our security measures across  all security controls while driving our roadmap forward. Partnering closely with  Engineering and business leaders, you will develop and implement security patterns  to protect our products while enabling developers. This role requires a well-rounded security practitioner who can mentor engineers, stay ahead  of emerging threats, and effectively communicate security risks to senior and executive stakeholders.

How you’ll make an impact:

• Lead complex, high-impact security initiatives with cross-team dependencies  across our products, services, infrastructure, and enterprise
• Collaborate with key stakeholders to develop  and implement security patterns that reduce risk and enable developers
• Provide mentorship, foster a strong security culture and promote security excellence
• Continually assess Upstart’s security risk posture and influencing priorities and roadmap decisions
• Stay at the forefront of innovative security solutions to strengthen our stance
• Monitor emerging threats and attack methods, ensuring Upstart remains  one step ahead

What we’re looking for: 

• Minimum requirements:
• Deep expertise across multiple security domains (e.g. Application Security, Infrastructure Security, Enterprise Security, Detection & Response, Security GRC, Customer Trust, Offensive Security)
• Demonstrable track record as an influential security leader, driving security solutions across multiple stakeholder groups
• Experience with advanced threat modeling techniques and risk assessment
• Strong communication skills, capable of engaging engineers and senior leadership through clear, concise, and effective messaging (both written and verbal).
• Ability to promote innovative security solutions while independently navigating ambiguity to drive change.
• 10+ years of experience in security leadership, open to strong individual contributors and people managers

• Preferred qualifications:
  • Strong security program management experience, leading large-scale, multi-team security initiatives.
  • Contributions to the security industry (e.g. industry presentations, white papers, OSS projects, patents)
  • Familiarity with compliance frameworks, including SOC1, SOC2, and SOX

Position Location – This role is available in the following locations: Remote, San Mateo, Columbus, Austin 

Time Zone Requirements – This team operates across all U.S. time zones.

Travel Requirements – This team has regular on-site collaboration sessions. These occur 3 days per quarter at an Upstart office. If you need to travel to make these meetups, Upstart will cover all travel related expenses.

What you'll love: 

• Competitive Compensation (base + bonus & equity)
• Comprehensive medical, dental, and vision coverage with Health Savings Account contributions from Upstart 
• 401(k) with 100% company match up to $4,500 and immediate vesting and after-tax savings
• Employee Stock Purchase Plan (ESPP)
• Life and disability insurance
• Generous holiday, vacation, sick and safety leave  
• Supportive parental, family care, and military leave programs
• Annual wellness, technology & ergonomic reimbursement programs
• Social activities including team events and onsites, all-company updates, employee resource groups (ERGs), and other interest groups such as book clubs, fitness, investing, and volunteering
• Catered lunches + snacks & drinks when working in offices