Key skills
Security initiative ownershipSecurity reviewsThreat modelingArchitecture assessmentsSecurity issue investigationremediationSoftware development for securityAI-assisted tool usageData domain experienceAI/ML security risk assessmentKubernetesSecurity orchestration toolsRegulatory security complianceAIMLAnalyticsK8sLeadershipMentoring
About this role
Upstart is an AI lending marketplace focused on reducing borrowing costs and complexities for Americans. The Senior Security Engineer will be responsible for identifying risks, building controls, and developing solutions to enhance security practices across the organization while collaborating with cross-functional teams.
Responsibilities:
- Architect and build software solutions (Workflows, Services, and internal tools) that accelerate security
- Elevate security maturity across the organization by mentoring engineers, influencing leadership through clear risk metrics, and fostering a culture where security enables innovation
- Continuously improve systems by learning from real-world signals such as false positives, operational feedback, and evolving threats
- Serve as a senior technical authority during high-severity incidents, driving root cause analysis and durable architectural improvements
Requirements:
- Proven track record of owning security initiatives end-to-end, including post-launch validation, monitoring, and iterative improvement
- Experience performing security reviews (e.g., design reviews, threat modeling, architecture assessments) and driving actionable outcomes
- Demonstrated ability to identify, investigate, and remediate complex security issues across one or more domains
- Experience developing code and building services to enhance unique security needs
- Demonstrated ability to leverage AI-assisted tools (e.g., code generation, analysis, or investigation tools) to improve productivity while maintaining security and quality standards
- Experience working with diverse data domains (e.g., analytics, reporting, business operations, or people data)
- Experience assessing security risks in AI/ML systems (e.g., prompt injection, model misuse, data poisoning, access control around models)
- Experience building applications hosted in a K8s environment
- Experience with security orchestration tools for automating processes that are adopted beyond a single team
- Experience partnering with Legal, Risk, Compliance, and Audit teams to operationalize security controls in regulated environments