Upstart is a leading AI lending marketplace dedicated to reducing the cost and complexity of borrowing for all Americans. As a Senior Security Engineer, you will identify risks, build controls to mitigate them, and develop solutions to enhance the security of Upstart's products and enterprise while collaborating across teams.
Responsibilities:
- Architect and build software solutions (Workflows, Services, and internal tools) that accelerate security
- Elevate security maturity across the organization by mentoring engineers, influencing leadership through clear risk metrics, and fostering a culture where security enables innovation
- Continuously improve systems by learning from real-world signals such as false positives, operational feedback, and evolving threats
- Serve as a senior technical authority during high-severity incidents, driving root cause analysis and durable architectural improvements
Requirements:
- Proven track record of owning security initiatives end-to-end, including post-launch validation, monitoring, and iterative improvement
- Experience performing security reviews (e.g., design reviews, threat modeling, architecture assessments) and driving actionable outcomes
- Demonstrated ability to identify, investigate, and remediate complex security issues across one or more domains
- Experience developing code and building services to address unique security needs
- Demonstrated ability to leverage AI-assisted tools (e.g., code generation, analysis, or investigation tools) to improve productivity while maintaining security and quality standards
- Experience working with diverse data domains (e.g., analytics, reporting, business operations, or people data)
- Experience assessing security risks in AI/ML systems (e.g., prompt injection, model misuse, data poisoning, access control around models)
- Experience building applications hosted in a K8s environment
- Experience with security orchestration tools for automating processes that are adopted beyond a single team
- Experience partnering with Legal, Risk, Compliance, and Audit teams to operationalize security controls in regulated environments