Infrastructure Security Engineer

Upstart is an AI lending marketplace committed to reducing borrowing costs for Americans. The Infrastructure Security Engineer will design and implement security controls for cloud and platform systems, partner with engineering teams to identify security risks, and enhance automation for infrastructure security.

Responsibilities:

• Design and implement security controls for cloud, platform, and deployment systems, with a focus on secure defaults and durable risk reduction
• Partner with platform, SRE, and infrastructure teams to review architecture and infrastructure changes, identify security risks, and drive practical remediation plans
• Build and improve automation for infrastructure security, including controls for cloud IAM, Kubernetes and container environments, secrets handling, and infrastructure-as-code workflows
• Identify and remediate systemic weaknesses such as misconfigurations, exposed services, weak trust boundaries, and insecure defaults in production environments
• Support infrastructure vulnerability management by helping prioritize findings, validate fixes, and improve how issues are detected and prevented over time
• Help assess and improve security controls for AI-assisted developer workflows and GenAI-enabled systems, including agentic tooling, coding assistants, and internal AI integrations that interact with production or sensitive environments
• Respond to production security issues, investigate root causes using logs, dashboards, and system context, and contribute follow-up improvements that strengthen the platform
• Contribute to team effectiveness by documenting patterns, participating in design and code reviews, and helping raise the security quality bar across engineering

Requirements:

• Bachelor's degree and 3+ years of experience in security engineering, infrastructure engineering, or a related software engineering role
• Experience securing or operating cloud-native infrastructure in AWS or a similar cloud environment
• Experience with one or more of the following domains: cloud IAM, Kubernetes/container security, network security, secrets management, or infrastructure vulnerability management
• Experience writing code or automation in Python, Go, Java, or a similar programming language
• Experience reviewing system designs, infrastructure changes, or architecture proposals and driving actionable security outcomes
• Experience with infrastructure-as-code and CI/CD tooling such as Terraform, Helm, GitHub Actions, or similar technologies
• Experience investigating and resolving moderately complex production or security issues using logs, metrics, and debugging tools
• Experience using AI-assisted engineering tools responsibly, with an understanding of security considerations such as sensitive data exposure, unsafe automation, access boundaries, or insecure use of generated code and infrastructure changes
• Experience building preventative guardrails or automated controls that are adopted by multiple engineering teams
• Familiarity with production access control patterns for engineers and service identities
• Experience with Kubernetes, service-to-service trust models, workload identity, or runtime security controls
• Experience improving cloud posture management, hardening baselines, or drift detection programs
• Familiarity with security considerations for AI-assisted engineering workflows, including code generation or code review tooling
• Experience partnering with Risk, Compliance, or Audit teams in a regulated environment
• Security certifications such as AWS Security Specialty, GCP Professional Cloud Security Engineer, CISSP, or equivalent practical expertise