
Principal Security Engineer, Infrastructure Security
Upstart · United States
- Hybrid
- Full-time
- $227,250 / year
- United States
Email the hiring manager to get a response.
Get their verified email + an intro that's ready to send.
Subject: Interested in the Principal Security Engineer, Infrastructure Security role at Upstart
Hi Alex — I came across the Principal Security Engineer, Infrastructure Security opening and wanted to reach out directly. I've spent the last few years doing exactly this kind of work, and Upstart stood out because…
✎ Personalized to your résumé after sign-up.
- ✓ Verified email of the hiring manager
- ✓ Intro email personalized to your résumé
- ✓ $9/mo = unlimited — any job link
Secure checkout · cancel anytime
Job highlights
- Lead infrastructure security strategy and roadmap.
- Secure cloud, platform, and deployment environments.
- Drive cross-functional security initiatives.
- Reduce systemic infrastructure risk through automation.
- Mentor engineers and elevate security maturity.
About the role
About Upstart
At Upstart, we’re united by a mission that matters: to radically reduce the cost and complexity of borrowing for all Americans. Every day, we bring creativity, experimentation, and advanced AI to reshape access to credit, helping millions move forward financially with clarity and confidence.
As the leading AI lending marketplace, we partner with banks and credit unions to expand access to affordable credit through technology that’s both radically intelligent and deeply human. Our platform runs over one million predictions per borrower using more than 1,800 signals, powering smarter, fairer decisions for millions of customers. But the numbers only hint at the impact. Every idea, every voice, and every contribution moves us closer to a world where credit never stands between people and their financial progress.
We’re proudly digital-first, giving most Upstarters the flexibility to do their best work from wherever they thrive, alongside teammates across 80+ cities in the US and Canada. Digital-first doesn’t mean distant. We’re intentional about in-person connection through team onsites, planning sessions, and moments that spark creativity and trust. And whether you choose to work primarily from home or collaborate in-person from one of our offices in Columbus, Austin, the Bay Area, or New York City (opening Summer 2026), you’ll have the support to work in the way that works best for you.
If you’re energized by tackling meaningful problems, excited to innovate with purpose, and motivated by work that truly matters, we’d love to hear from you.
The Team
Upstart’s Infrastructure Security team is focused on securing the cloud, compute, platform, and deployment layers that run our products. We believe security should enable fast, safe delivery through strong engineering fundamentals, automation, and secure-by-default patterns. Our team partners closely with platform, infrastructure, SRE, product engineering, risk, and compliance teams to reduce risk in areas such as cloud IAM, Kubernetes and container security, network controls, secrets management, infrastructure-as-code, production vulnerability management, and AI-assisted developer workflows.
As the Principal Security Engineer at Upstart, you will define and drive the technical strategy for securing Upstart’s production infrastructure and developer platforms. You will lead cross-functional and cross-organizational efforts to reduce systemic infrastructure risk, influence architecture and engineering roadmaps, and build durable security controls that scale across teams. This role is well suited for a senior technical leader who brings deep infrastructure security expertise, strong engineering judgment, and the ability to translate complex security risks into practical, high-impact improvements for the business.
How you’ll make an impact:
- Define and drive Upstart’s infrastructure security strategy, aligning secure-by-default principles with business priorities, regulatory expectations, and Upstart’s cloud-native engineering roadmap.
- Own the security roadmap for cloud, platform, compute, and deployment environments, partnering with infrastructure, platform, SRE, and product engineering leaders to reduce risk across multiple organizations.
- Lead security architecture reviews for critical infrastructure initiatives, influencing technical decisions in areas such as cloud IAM, Kubernetes, container security, network segmentation, secrets management, CI/CD, and infrastructure-as-code.
- Identify and reduce systemic infrastructure security risks by designing durable preventative controls, guardrails, and automation that improve security outcomes across engineering teams.
- Establish standards and patterns for production access, service identity, workload trust, infrastructure hardening, vulnerability management, and secure operational practices.
- Partner with engineering teams to improve the security of AI-assisted developer workflows and GenAI-enabled systems, including agentic tooling, coding assistants, and internal AI integrations that interact with production or sensitive environments.
- Serve as a senior technical authority during high-severity security or production incidents, driving root cause analysis, risk-based prioritization, and long-term architectural improvements.
- Elevate infrastructure security maturity across Upstart by mentoring engineers, influencing senior stakeholders through clear risk communication, and helping teams build secure systems with less friction.
What we’re looking for:
Minimum requirements:
- 8+ years of experience in security engineering, infrastructure engineering, software engineering, or a related technical role.
- 4+ years of experience focused on infrastructure, cloud, platform, or production security.
- Experience securing cloud-native infrastructure in AWS or a similar cloud environment.
- Experience with multiple infrastructure security domains, such as cloud IAM, Kubernetes or container security, network security, secrets management, infrastructure-as-code, CI/CD security, production access, or vulnerability management.
- Experience writing code or automation in Python, Go, Java, Ruby, or a similar programming language.
- Experience leading security architecture reviews or technical risk assessments for complex production systems.
- Experience designing and implementing preventative security controls, guardrails, or platform-level security solutions used by multiple engineering teams.
- Experience leading cross-functional security initiatives with infrastructure, platform, SRE, product engineering, risk, compliance, or audit stakeholders.
Preferred qualifications:
- 10+ years of experience spanning security engineering, infrastructure engineering, software engineering, or cloud platform engineering.
- Experience owning a security roadmap for a technical domain that spans multiple teams or organizations.
- Experience with Kubernetes security, service-to-service trust models, workload identity, runtime security, or cloud-native network controls.
- Experience improving cloud security posture management, hardening baselines, drift detection, or infrastructure vulnerability management programs.
- Experience building or scaling infrastructure security programs, including defining metrics, maturity models, and risk-based prioritization frameworks.
- Familiarity with security considerations for AI-assisted engineering workflows, including code generation, code review tooling, agentic automation, and sensitive data exposure risks.
- Experience partnering with Legal, Risk, Compliance, or Audit teams to operationalize security controls in a regulated environment.
- Security certifications such as AWS Security Specialty, GCP Professional Cloud Security Engineer, CISSP, CCSP, or equivalent practical expertise.
Position Location
This role is available in the following locations: Remote (US), San Mateo, Columbus, Austin
Time Zone Requirements
This team operates on the East/West Coast time zones.
Travel Requirements
As a digital first company, the majority of your work can be accomplished remotely. The majority of our employees can live and work anywhere in the U.S but are encouraged to to still spend high quality time in-person collaborating via regular onsites. The in-person sessions’ cadence varies depending on the team and role; most teams meet once or twice per quarter for 2-4 consecutive days at a time.
Compensation
At Upstart, your base pay is one part of your total compensation package. The anticipated base salary for this position is expected to be within the below range. Your actual base pay will depend on your geographic location–with our “digital first” philosophy, Upstart uses compensation regions that vary depending on location. Individual pay is also determined by job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.
In addition, Upstart provides employees with target bonuses, equity compensation, and generous benefits packages (including medical, dental, vision, and 401k).
United States | Remote - Anticipated Base Salary Range
$190,600 - $263,900 USD
What You'll Love
At Upstart, our benefits are designed to support your health, financial well-being, family, and personal growth. Here’s what you can expect:
- Competitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly
- Retirement benefits to help you plan for the future, including a 401(k) or Group Retirement Savings Plan with a company match of $2 for every $1 contributed, up to $15,000 annually (USD in the US, CAD in Canada)
- Employee Stock Purchase Plan (ESPP) with discounted stock purchase options for eligible employees (US only)
- Comprehensive health coverage designed to support you and your family, including medical, dental, vision, and wellness resources for US and supplemental health coverage for Canada.
- Health Savings Account contributions from Upstart for eligible plans (US only)
- Income protection benefits, including life insurance and disability coverage for added financial security
- Paid time off, sick leave, and company holidays, in line with local requirements
- Paid family and parental leave to support caregiving and major life moments (duration varies by country)
- Family-centered benefits to support fertility, parenthood, and caregiving needs
- Employee Assistance Program (EAP) offering mental health support and life-centered resources
- Financial wellness resources, including access to financial planning tools and a financial concierge service (US Only)
- Annual wellness allowance to support your physical and emotional well-being and personal development, based on what matters most to you
- Annual productivity allowance to invest in relevant tools and resources you need to do your best work, no matter where you work from
- Connection and community through team events, all-company updates, and employee resource groups (ERGs)
- Onsite perks, including catered lunches and fully stocked micro-kitchens when working from one of our offices in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!)
For roles based in Canada, please note that we are not currently able to hire in Quebec.
Upstart is a proud Equal Opportunity Employer. Just as we are dedicated to improving access to affordable credit for all, we are committed to inclusive and fair hiring practices.
If you require reasonable accommodation in completing an application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please email candidate_accommodations@upstart.com
https://www.upstart.com/candidate_privacy_policy
Key skills/competency
- Infrastructure Security
- Cloud Security
- Kubernetes Security
- IAM
- Secrets Management
- Infrastructure as Code
- Vulnerability Management
- Python/Go
- Security Architecture
- Risk Assessment
Skills & topics
- Principal Security Engineer
- Infrastructure Security
- Cloud Security
- AWS
- Kubernetes
- IAM
- Secrets Management
- Infrastructure as Code
- Vulnerability Management
- Python
- Go
- Security Architecture
- Risk Assessment
- SRE
- Platform Security
- CI/CD Security
- Production Security
- AI Security
- GenAI
- Developer Workflows
How to get hired
- Tailor your resume: Highlight your 8+ years in security/infrastructure engineering and 4+ years in cloud/production security, showcasing experience with AWS, Kubernetes, IAM, and Python/Go.
- Showcase leadership: Emphasize your experience leading security architecture reviews, risk assessments, and cross-functional initiatives.
- Quantify impact: Provide specific examples of how you've designed and implemented preventative security controls and automation that scaled across teams.
- Prepare for technical deep dives: Be ready to discuss your experience in cloud IAM, Kubernetes security, secrets management, and infrastructure-as-code.
- Understand Upstart's mission: Align your experience with Upstart's goal of reducing credit costs and complexity through AI.
Technical preparation
Behavioral questions
Frequently asked questions
- What are the primary responsibilities of a Principal Security Engineer, Infrastructure Security at Upstart?
- As a Principal Security Engineer, Infrastructure Security at Upstart, you will define and drive the technical strategy for securing production infrastructure and developer platforms. This involves leading cross-functional efforts to reduce systemic infrastructure risk, influencing architecture roadmaps, and building scalable security controls. You will also partner with engineering teams to improve AI-assisted developer workflows and act as a senior technical authority during incidents.
- What qualifications are essential for the Principal Security Engineer role at Upstart?
- Essential qualifications include 8+ years of experience in security/infrastructure/software engineering, with at least 4 years focused on infrastructure, cloud, platform, or production security. You should have experience securing cloud-native infrastructure (AWS preferred), expertise in multiple security domains like cloud IAM, Kubernetes, secrets management, and infrastructure-as-code, and proficiency in a programming language like Python or Go. Experience leading security architecture reviews and implementing preventative controls is also required.
- What is the work arrangement for this Principal Security Engineer position?
- Upstart is a digital-first company, offering a hybrid work arrangement. While the majority of your work can be accomplished remotely, there are regular in-person collaboration sessions (onsites) for teams, typically once or twice per quarter for 2-4 consecutive days. You can choose to work primarily from home or collaborate from one of their offices.
- What is the salary range for the Principal Security Engineer, Infrastructure Security role at Upstart?
- The anticipated base salary range for this position in the US is $190,600 - $263,900 USD. This range may vary based on geographic location, as Upstart uses compensation regions. Your recruiter will provide specific details for your preferred location.
- How does Upstart support employee growth and well-being?
- Upstart offers comprehensive benefits including competitive compensation (base pay, bonus, equity), retirement planning (401k with company match), health coverage, wellness allowances, productivity allowances, and paid time off. They also provide family-centered benefits and resources for mental and financial wellness.
- What is the role of AI in Upstart's Infrastructure Security team?
Similar roles
Open positions we recommend based on this role.
