Principal Security Engineer

Upstart’s Security team is dedicated to advancing security practices that enhance the safety of our products, customers, and partners. We believe that security should empower innovation, move at the speed of business, and be designed for safety from the ground up. Our mission is to protect Upstart’s products & enterprise, and manage threats to Upstart. We achieve this through automation, strong collaboration with partner teams, and a commitment to maintain a positive experience for Upstarters. As a Principal Security Engineer, you will play a pivotal role in shaping Upstart’s security strategy. You will architect, design, and influence our security measures across all security controls while driving our roadmap forward. Partnering closely with Engineering and business leaders, you will develop and implement security patterns to protect our products while enabling developers. This role requires a well-rounded security practitioner who can mentor engineers, stay ahead of emerging threats, and effectively communicate security risks to senior and executive stakeholders.

How you’ll make an impact:

• Lead complex, high-impact security initiatives with cross-team dependencies across our products, services, infrastructure, and enterprise.
• Collaborate with key stakeholders to develop and implement security patterns that reduce risk and enable developers.
• Provide mentorship, foster a strong security culture, and promote security excellence.
• Continually assess Upstart’s security risk posture and influence priorities and roadmap decisions.
• Stay at the forefront of innovative security solutions to strengthen our stance.
• Monitor emerging threats and attack methods, ensuring Upstart remains one step ahead.

What we’re looking for:

• Minimum requirements:
• Deep expertise across multiple security domains (e.g. Application Security, Infrastructure Security, Enterprise Security, Detection & Response, Security GRC, Customer Trust, Offensive Security).
• Demonstrable track record as an influential security leader, driving security solutions across multiple stakeholder groups.
• Experience with advanced threat modeling techniques and risk assessment.
• Strong communication skills, capable of engaging engineers and senior leadership through clear, concise, and effective messaging (both written and verbal).
• Ability to promote innovative security solutions while independently navigating ambiguity to drive change.
• 10+ years of experience in security leadership, open to strong individual contributors and people managers.

• Preferred qualifications:
  • Strong security program management experience, leading large-scale, multi-team security initiatives.
  • Contributions to the security industry (e.g. industry presentations, white papers, OSS projects, patents).
  • Familiarity with compliance frameworks, including SOC1, SOC2, and SOX.

Position Location: This role is available in the following locations: Remote, San Mateo, Columbus, Austin.

Time Zone Requirements: This team operates across all U.S. time zones.

Travel Requirements: This team has regular on-site collaboration sessions. These occur 3 days per quarter at an Upstart office. If you need to travel to make these meetups, Upstart will cover all travel-related expenses.

What you'll love:

• Competitive Compensation (base + bonus & equity).
• Comprehensive medical, dental, and vision coverage with Health Savings Account contributions from Upstart.
• 401(k) with 100% company match up to $4,500 and immediate vesting and after-tax savings.
• Employee Stock Purchase Plan (ESPP).
• Life and disability insurance.
• Generous holiday, vacation, sick, and safety leave.
• Supportive parental, family care, and military leave programs.
• Annual wellness, technology & ergonomic reimbursement programs.
• Social activities including team events and onsites, all-company updates, employee resource groups (ERGs), and other interest groups such as book clubs, fitness, investing, and volunteering.
• Catered lunches + snacks & drinks when working in offices.