Principal Security Engineer, Infrastructure Security

About Upstart At Upstart, we’re united by a mission that matters: to radically reduce the cost and complexity of borrowing for all Americans. Every day, we bring creativity, experimentation, and advanced AI to reshape access to credit, helping millions move forward financially with clarity and confidence. As the leading AI lending marketplace, we partner with banks and credit unions to expand access to affordable credit through technology that’s both radically intelligent and deeply human. Our platform runs over one million predictions per borrower using more than 1,800 signals, powering smarter, fairer decisions for millions of customers. But the numbers only hint at the impact. Every idea, every voice, and every contribution moves us closer to a world where credit never stands between people and their financial progress. We’re proudly digital-first, giving most Upstarters the flexibility to do their best work from wherever they thrive, alongside teammates across 80+ cities in the US and Canada. Digital-first doesn’t mean distant. We’re intentional about in-person connection through team onsites, planning sessions, and moments that spark creativity and trust. And whether you choose to work primarily from home or collaborate in-person from one of our offices in Columbus, Austin, the Bay Area, or New York City (opening Summer 2026), you’ll have the support to work in the way that works best for you. If you’re energized by tackling meaningful problems, excited to innovate with purpose, and motivated by work that truly matters, we’d love to hear from you. The Team Upstart’s Infrastructure Security team is focused on securing the cloud, compute, platform, and deployment layers that run our products. We believe security should enable fast, safe delivery through strong engineering fundamentals, automation, and secure-by-default patterns. Our team partners closely with platform, infrastructure, SRE, product engineering, risk, and compliance teams to reduce risk in areas such as cloud IAM, Kubernetes and container security, network controls, secrets management, infrastructure-as-code, production vulnerability management, and AI-assisted developer workflows. As the Principal Security Engineer at Upstart, you will define and drive the technical strategy for securing Upstart’s production infrastructure and developer platforms. You will lead cross-functional and cross-organizational efforts to reduce systemic infrastructure risk, influence architecture and engineering roadmaps, and build durable security controls that scale across teams. This role is well suited for a senior technical leader who brings deep infrastructure security expertise, strong engineering judgment, and the ability to translate complex security risks into practical, high-impact improvements for the business.   How you’ll make an impact: Define and drive Upstart’s infrastructure security strategy, aligning secure-by-default principles with business priorities, regulatory expectations, and Upstart’s cloud-native engineering roadmap. Own the security roadmap for cloud, platform, compute, and deployment environments, partnering with infrastructure, platform, SRE, and product engineering leaders to reduce risk across multiple organizations. Lead security architecture reviews for critical infrastructure initiatives, influencing technical decisions in areas such as cloud IAM, Kubernetes, container security, network segmentation, secrets management, CI/CD, and infrastructure-as-code. Identify and reduce systemic infrastructure security risks by designing durable preventative controls, guardrails, and automation that improve security outcomes across engineering teams. Establish standards and patterns for production access, service identity, workload trust, infrastructure hardening, vulnerability management, and secure operational practices. Partner with engineering teams to improve the security of AI-assisted developer workflows and GenAI-enabled systems, including agentic tooling, coding assistants, and internal AI integrations that interact with production or sensitive environments. Serve as a senior technical authority during high-severity security or production incidents, driving root cause analysis, risk-based prioritization, and long-term architectural improvements. Elevate infrastructure security maturity across Upstart by mentoring engineers, influencing senior stakeholders through clear risk communication, and helping teams build secure systems with less friction. What we’re looking for:  Minimum requirements: 8+ years of experience in security engineering, infrastructure engineering, software engineering, or a related technical role. 4+ years of experience focused on infrastructure, cloud, platform, or production security. Experience securing cloud-native infrastructure in AWS or a similar cloud environment. Experience with multiple infrastructure security domains, such as cloud IAM, Kubernetes or container security, network security, secrets management, infrastructure-as-code, CI/CD security, production access, or vulnerability management. Experience writing code or automation in Python, Go, Java, Ruby, or a similar programming language. Experience leading security architecture reviews or technical risk assessments for complex production systems. Experience designing and implementing preventative security controls, guardrails, or platform-level security solutions used by multiple engineering teams. Experience leading cross-functional security initiatives with infrastructure, platform, SRE, product engineering, risk, compliance, or audit stakeholders. Preferred qualifications: 10+ years of experience spanning security engineering, infrastructure engineering, software engineering, or cloud platform engineering. Experience owning a security roadmap for a technical domain that spans multiple teams or organizations. Experience with Kubernetes security, service-to-serv