Upstart is a leading AI lending marketplace partnering with banks and credit unions to expand access to affordable credit. By leveraging Upstart's AI marketplace, Upstart-powered banks and credit unions can have higher approval rates and lower loss rates across races, ages, and genders, while simultaneously delivering the exceptional digital-first lending experience their customers demand. More than two-thirds of Upstart loans are approved instantly and are fully automated.

Upstart is a digital-first company, which means that most Upstarters live and work anywhere in the United States. However, we also have offices in San Mateo, California; Columbus, Ohio; and Austin, Texas.

Most Upstarters join us because they connect with our mission of enabling access to effortless credit based on true risk. If you are energized by the impact you can make at Upstart, we’d love to hear from you!

Upstart’s Security team is dedicated to advancing security practices that enhance the safety of our products, customers, and partners. We believe that security should empower innovation, move at the speed of business, and be designed for safety from the ground up. Our mission is to protect Upstart’s products & enterprise, and manage threats to Upstart. We achieve this through automation, strong collaboration with partner teams, and a commitment to maintain a positive experience for Upstarters..As a Principal Security Engineer, you will play a pivotal role in shaping Upstart’s security strategy. You will architect, design, and influence our security measures across all security controls while driving our roadmap forward. Partnering closely with Engineering and business leaders, you will develop and implement security patterns to protect our products while enabling developers. This role requires a well-rounded security practitioner who can mentor engineers, stay ahead of emerging threats, and effectively communicate security risks to senior and executive stakeholders.

How you’ll make an impact:

• Lead complex, high-impact security initiatives with cross-team dependencies across our products, services, infrastructure, and enterprise
• Collaborate with key stakeholders to develop and implement security patterns that reduce risk and enable developers
• Provide mentorship, foster a strong security culture and promote security excellence
• Continually assess Upstart’s security risk posture and influencing priorities and roadmap decisions
• Stay at the forefront of innovative security solutions to strengthen our stance
• Monitor emerging threats and attack methods, ensuring Upstart remains one step ahead

What we’re looking for:

• Minimum requirements:
• Deep expertise across multiple security domains (e.g. Application Security, Infrastructure Security, Enterprise Security, Detection & Response, Security GRC, Customer Trust, Offensive Security)
• Demonstrable track record as an influential security leader, driving security solutions across multiple stakeholder groups
• Experience with advanced threat modeling techniques and risk assessment
• Strong communication skills, capable of engaging engineers and senior leadership through clear, concise, and effective messaging (both written and verbal).
• Ability to promote innovative security solutions while independently navigating ambiguity to drive change.
• 10+ years of experience in security leadership, open to strong individual contributors and people managers

• Preferred qualifications:
• Strong security program management experience, leading large-scale, multi-team security initiatives.
• Contributions to the security industry (e.g. industry presentations, white papers, OSS projects, patents)
• Familiarity with compliance frameworks, including SOC1, SOC2, and SOX

https://www.upstart.com/candidate_privacy_policy