Key skills
Infrastructure securityCloud securityAWSCloud IAMKubernetes securityContainer securityNetwork securitySecrets managementInfrastructure-as-codeCI/CD securityVulnerability managementPythonGoJavaRubySecurity architecture reviewsSecurity controls designSecurity certificationsAIGenAIAgenticGCPKubernetesIAMCI/CDMentoringCommunicationNetwork SecurityCloud Security
About this role
Upstart is a leading AI lending marketplace focused on reducing the cost and complexity of borrowing for Americans. They are seeking a Principal Security Engineer to define and drive the technical strategy for securing Upstart's production infrastructure and developer platforms, collaborating with various teams to reduce risk and enhance security practices.
Responsibilities:
- Define and drive Upstart’s infrastructure security strategy, aligning secure-by-default principles with business priorities, regulatory expectations, and Upstart’s cloud-native engineering roadmap
- Own the security roadmap for cloud, platform, compute, and deployment environments, partnering with infrastructure, platform, SRE, and product engineering leaders to reduce risk across multiple organizations
- Lead security architecture reviews for critical infrastructure initiatives, influencing technical decisions in areas such as cloud IAM, Kubernetes, container security, network segmentation, secrets management, CI/CD, and infrastructure-as-code
- Identify and reduce systemic infrastructure security risks by designing durable preventative controls, guardrails, and automation that improve security outcomes across engineering teams
- Establish standards and patterns for production access, service identity, workload trust, infrastructure hardening, vulnerability management, and secure operational practices
- Partner with engineering teams to improve the security of AI-assisted developer workflows and GenAI-enabled systems, including agentic tooling, coding assistants, and internal AI integrations that interact with production or sensitive environments
- Serve as a senior technical authority during high-severity security or production incidents, driving root cause analysis, risk-based prioritization, and long-term architectural improvements
- Elevate infrastructure security maturity across Upstart by mentoring engineers, influencing senior stakeholders through clear risk communication, and helping teams build secure systems with less friction
Requirements:
- 8+ years of experience in security engineering, infrastructure engineering, software engineering, or a related technical role
- 4+ years of experience focused on infrastructure, cloud, platform, or production security
- Experience securing cloud-native infrastructure in AWS or a similar cloud environment
- Experience with multiple infrastructure security domains, such as cloud IAM, Kubernetes or container security, network security, secrets management, infrastructure-as-code, CI/CD security, production access, or vulnerability management
- Experience writing code or automation in Python, Go, Java, Ruby, or a similar programming language
- Experience leading security architecture reviews or technical risk assessments for complex production systems
- Experience designing and implementing preventative security controls, guardrails, or platform-level security solutions used by multiple engineering teams
- Experience leading cross-functional security initiatives with infrastructure, platform, SRE, product engineering, risk, compliance, or audit stakeholders
- 10+ years of experience spanning security engineering, infrastructure engineering, software engineering, or cloud platform engineering
- Experience owning a security roadmap for a technical domain that spans multiple teams or organizations
- Experience with Kubernetes security, service-to-service trust models, workload identity, runtime security, or cloud-native network controls
- Experience improving cloud security posture management, hardening baselines, drift detection, or infrastructure vulnerability management programs
- Experience building or scaling infrastructure security programs, including defining metrics, maturity models, and risk-based prioritization frameworks
- Familiarity with security considerations for AI-assisted engineering workflows, including code generation, code review tooling, agentic automation, and sensitive data exposure risks
- Experience partnering with Legal, Risk, Compliance, or Audit teams to operationalize security controls in a regulated environment
- Security certifications such as AWS Security Specialty, GCP Professional Cloud Security Engineer, CISSP, CCSP, or equivalent practical expertise