Principal Security Engineer – Infrastructure Security

This is a fully remote position, open to applicants in United States.

📋 Description

• Define and implement Upstart's infrastructure security strategy, ensuring alignment with secure-by-default principles, business priorities, regulatory requirements, and Upstart's cloud-native engineering roadmap.

• Manage the security roadmap for cloud, platform, compute, and deployment environments, collaborating with infrastructure, platform, SRE, and product engineering leaders to mitigate risks across various organizations.

• Lead security architecture assessments for critical infrastructure projects, influencing technical decisions in areas such as cloud IAM, Kubernetes, container security, network segmentation, secrets management, CI/CD, and infrastructure-as-code.

• Identify and minimize systemic infrastructure security risks by creating robust preventative controls, guardrails, and automation that enhance security outcomes across engineering teams.

• Establish standards and frameworks for production access, service identity, workload trust, infrastructure hardening, vulnerability management, and secure operational practices.

• Collaborate with engineering teams to enhance the security of AI-assisted developer workflows and GenAI-enabled systems, including agentic tooling, coding assistants, and internal AI integrations that interact with production or sensitive environments.

• Act as a senior technical authority during high-severity security or production incidents, leading root cause analysis, risk-based prioritization, and long-term architectural enhancements.

• Advance infrastructure security maturity across Upstart by mentoring engineers, effectively communicating risks to senior stakeholders, and aiding teams in building secure systems with minimal friction.

⛳️ Requirements

• 8+ years of experience in security engineering, infrastructure engineering, software engineering, or a related technical field.

• 4+ years of experience specifically focused on infrastructure, cloud, platform, or production security.

• Proven experience in securing cloud-native infrastructure within AWS or a similar cloud environment.

• Familiarity with various infrastructure security domains, including cloud IAM, Kubernetes or container security, network security, secrets management, infrastructure-as-code, CI/CD security, production access, or vulnerability management.

• Proficient in coding or automation using Python, Go, Java, Ruby, or a similar programming language.

• Experience leading security architecture reviews or technical risk assessments for complex production systems.

• Expertise in designing and implementing preventative security controls, guardrails, or platform-level security solutions utilized by multiple engineering teams.

• Experience spearheading cross-functional security initiatives with infrastructure, platform, SRE, product engineering, risk, compliance, or audit stakeholders.

• 10+ years of experience encompassing security engineering, infrastructure engineering, software engineering, or cloud platform engineering. (Preferred)

• Experience owning a security roadmap for a technical domain that spans multiple teams or organizations. (Preferred)

• Familiarity with Kubernetes security, service-to-service trust models, workload identity, runtime security, or cloud-native network controls. (Preferred)

• Experience enhancing cloud security posture management, hardening baselines, drift detection, or infrastructure vulnerability management programs. (Preferred)

• Proven track record in building or scaling infrastructure security programs, including defining metrics, maturity models, and risk-based prioritization frameworks. (Preferred)

• Understanding of security considerations for AI-assisted engineering workflows, including code generation, code review tooling, agentic automation, and risks related to sensitive data exposure. (Preferred)

• Experience collaborating with Legal, Risk, Compliance, or Audit teams to operationalize security controls in a regulated environment. (Preferred)

• Relevant security certifications such as AWS Security Specialty, GCP Professional Cloud Security Engineer, CISSP, CCSP, or equivalent practical expertise. (Preferred)

🏝️ Benefits

• Competitive compensation package, including base salary, bonus opportunities, and annual equity grants that vest quarterly.

• Retirement benefits to assist in future planning, including a 401(k) or Group Retirement Savings Plan with a company match of $2 for every $1 contributed, up to $15,000 annually (USD in the US, CAD in Canada).

• Employee Stock Purchase Plan (ESPP) offering discounted stock purchase options for eligible employees (US only).

• Comprehensive health coverage tailored to support you and your family, including medical, dental, vision, and wellness resources for the US, along with supplemental health coverage for Canada.

• Contributions to Health Savings Accounts from Upstart for eligible plans (US only).

• Income protection benefits, including life insurance and disability coverage for added financial security.

• Paid time off, sick leave, and company holidays, in accordance with local regulations.

• Paid family and parental leave to support caregiving and significant life events (duration varies by country).

• Family-oriented benefits to assist with fertility, parenthood, and caregiving needs.

• Employee Assistance Program (EAP) providing mental health support and life-centered resources.

• Financial wellness resources, including access to financial planning tools and a financial concierge service (US Only).

• Annual wellness allowance to foster your physical and emotional well-being and personal development, based on your individual needs.

• Annual productivity allowance to invest in necessary tools and resources for optimal performance, regardless of your work location.

• Opportunities for connection and community through team events, all-company updates, and employee resource groups (ERGs).

• Onsite perks, including catered lunches and fully stocked micro-kitchens when working from one of our offices located in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!).