Infrastructure Security Engineer

This is a fully remote position, open to applicants in United States.

📋 Description

• Design and implement security measures for cloud, platform, and deployment systems, emphasizing secure defaults and robust risk mitigation.

• Collaborate with platform, SRE, and infrastructure teams to evaluate architecture and infrastructure modifications, identify security vulnerabilities, and develop actionable remediation strategies.

• Enhance and automate infrastructure security processes, including controls for cloud IAM, Kubernetes and container ecosystems, secret management, and infrastructure-as-code practices.

• Detect and address systemic vulnerabilities such as misconfigurations, exposed services, weak trust boundaries, and insecure defaults within production environments.

• Assist in infrastructure vulnerability management by prioritizing findings, validating resolutions, and enhancing the detection and prevention of issues over time.

• Evaluate and strengthen security measures for AI-assisted developer workflows and GenAI-enabled systems, including agentic tools, coding assistants, and internal AI integrations that interact with production or sensitive environments.

• Address production security incidents, investigate root causes using logs, dashboards, and system context, and contribute to improvements that enhance platform security.

• Enhance team productivity by documenting patterns, engaging in design and code reviews, and promoting higher security standards across engineering.

⛳️ Requirements

• Bachelor’s degree and over 3 years of experience in security engineering, infrastructure engineering, or a related software engineering position.

• Proven experience in securing or managing cloud-native infrastructure in AWS or a comparable cloud setting.

• Familiarity with one or more of the following areas: cloud IAM, Kubernetes/container security, network security, secrets management, or infrastructure vulnerability management.

• Proficient in coding or automation using Python, Go, Java, or a similar programming language.

• Experience in reviewing system architectures, infrastructure changes, or architecture proposals, driving tangible security results.

• Knowledge of infrastructure-as-code and CI/CD tools such as Terraform, Helm, GitHub Actions, or similar technologies.

• Experience in diagnosing and resolving moderately complex production or security challenges using logs, metrics, and debugging instruments.

• Competency in responsibly utilizing AI-assisted engineering tools while understanding security implications such as sensitive data exposure, unsafe automation practices, access boundaries, or insecure use of generated code and infrastructure modifications.

🏝️ Benefits

• Competitive salary, including base pay, bonus opportunities, and quarterly vesting annual equity grants.

• Generous 401(k) plan with Upstart matching $2 for every $1 contributed, up to $15,000 annually.

• Employee Stock Purchase Plan (ESPP) offering discounted stock purchase options for eligible employees.

• Affordable medical, dental, and vision plans, with Upstart covering 90% to 100% of costs based on plan selection.

• Health Savings Account contributions from Upstart for qualifying plans.

• Income protection benefits, including company-paid Basic Life, AD&D, and Short- and Long-Term Disability coverage, along with options for supplemental coverage.

• Paid time off, sick and safe time, and company holidays.

• Paid family and parental leave to support caregiving and significant life events.

• Family-oriented benefits via Carrot and Cleo, assisting with fertility, parenthood, and caregiving.

• Employee Assistance Program (EAP) providing mental health support and life-centered resources.

• Financial wellness resources, including access to financial planning tools and a financial concierge service.

• Annual wellness allowance to support physical and emotional well-being and personal growth, tailored to individual needs.

• Annual productivity allowance to invest in essential tools and resources for optimal performance, regardless of work location.

• Opportunities for connection and community through team events, company-wide updates, and employee resource groups (ERGs).

• Onsite perks such as catered lunches and fully stocked micro-kitchens at any of our four offices located in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!).