Upstart is an AI lending marketplace focused on reducing the cost and complexity of borrowing for Americans. The Principal Security Engineer will lead the data security program, designing and implementing scalable data security capabilities while collaborating with cross-functional teams to protect sensitive data.
Responsibilities:
- Lead the design and execution of Upstart’s data security program, from early foundations through mature, scalable systems
- Architect and build software solutions (APIs, services, and internal tools) that enable effective data protection and governance
- Partner closely with Engineering, Analytics, Product, Legal, Risk, HR, and other stakeholders to secure sensitive data across diverse domains
- Establish clear goals, success metrics, and accountability for data security initiatives
- Drive adoption of least-privilege access models and modern data protection patterns across the organization
- Mentor engineers and security practitioners, fostering strong technical standards and a culture of ownership
- Continuously improve systems by learning from real-world signals such as false positives, operational feedback, and evolving threats
Requirements:
- Bachelor's degree in Computer Science, Engineering, or Mathematics, or a related field (or its equivalent)
- 8 years of experience
- Extensive experience across enterprise and operational security domains, with deep focus on Data Security and Identity & Access Management
- Experience owning or leading Data Security, DLP (Data Loss Prevention), or DSPM (Data Security Posture Management) initiatives
- Proven experience leading security programs that span multiple teams and functions
- Strong software engineering background, with the ability to design and build production-quality systems (e.g., APIs, services, or internal web applications)
- Experience launching new security capabilities or programs from 0 to 1 in complex environments
- Deep understanding of least-privilege principles and practical experience applying them at scale
- Excellent communication skills, with the ability to influence senior technical and non-technical stakeholders
- Ability to navigate ambiguity, make sound tradeoffs, and independently drive meaningful change
- Familiarity with modern data protection tooling such as endpoint DLP, data classification, or posture management platforms
- Experience working with diverse data domains (e.g., analytics, reporting, business operations, or people data)
- Contributions to the security community through talks, publications, open-source projects, or other industry involvement
- Familiarity with compliance frameworks such as SOC 1, SOC 2, and SOX
- Interest in long-term growth as a senior individual contributor, with openness to future people leadership paths