Upstart

Infrastructure Security Engineer

Upstart$134K — $185K *
US-AnywhereRemote in United States
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree with 3+ years in security or infrastructure engineering.
  • Experience securing cloud-native infrastructure in AWS or similar.
  • Proficient in areas like cloud IAM, Kubernetes security, and infrastructure vulnerability management.
  • Skilled in coding or automation using Python, Go, Java, or equivalent.
  • Experience with infrastructure-as-code tools like Terraform and CI/CD practices.
  • Ability to review system designs and implement practical security improvements.
  • Familiar with AI-assisted engineering tools and their security implications.

Responsibilities

  • Design and implement security controls for cloud and deployment systems.
  • Review architecture changes with cross-functional teams to identify security risks.
  • Automate infrastructure security processes and tools.
  • Remediate systemic vulnerabilities in production environments.
  • Support vulnerability management by validating fixes and refining detection methods.
  • Enhance security for AI-integrated developer workflows and tools.
  • Investigate security issues in production and propose follow-up enhancements.
  • Document security patterns and participate in code reviews to improve overall security standards.

Benefits

  • Competitive compensation including bonuses and annual equity grants.
  • 401(k) plan with generous company matching contributions.
  • Employee Stock Purchase Plan (ESPP) for discounted stock purchases.
  • Comprehensive health benefits including medical, dental, and vision coverage.
  • Income protection benefits like life insurance and disability coverage.
  • Paid time off, sick leave, and family leave policies.
  • Support for mental health through Employee Assistance Program (EAP).
  • Annual wellness and productivity allowances for personal development.
Full Job Description
The Team

Upstart's Infrastructure Security team is focused on securing the cloud, compute, platform, and deployment layers that run our products. We believe security should enable fast, safe delivery through strong engineering fundamentals, automation, and secure-by-default patterns. Our team partners closely with platform, infrastructure, and product engineering to reduce risk in areas such as cloud IAM, Kubernetes and container security, network controls, secrets management, infrastructure-as-code, and production vulnerability management.

As a Security Engineer II at Upstart, you will help design, build, and improve security controls that protect our production infrastructure and developer platforms. You will partner with engineers across infrastructure, platform, and product teams to identify risks, review designs, automate preventative controls, and improve the security of the systems our products run on. This role is well suited for an engineer who can independently lead medium-sized projects, troubleshoot moderately complex security problems, and deliver durable improvements that make Upstart's infrastructure more secure by default.

How you'll make an impact
  • Design and implement security controls for cloud, platform, and deployment systems, with a focus on secure defaults and durable risk reduction.
  • Partner with platform, SRE, and infrastructure teams to review architecture and infrastructure changes, identify security risks, and drive practical remediation plans.
  • Build and improve automation for infrastructure security, including controls for cloud IAM, Kubernetes and container environments, secrets handling, and infrastructure-as-code workflows.
  • Identify and remediate systemic weaknesses such as misconfigurations, exposed services, weak trust boundaries, and insecure defaults in production environments.
  • Support infrastructure vulnerability management by helping prioritize findings, validate fixes, and improve how issues are detected and prevented over time.
  • Help assess and improve security controls for AI-assisted developer workflows and GenAI-enabled systems, including agentic tooling, coding assistants, and internal AI integrations that interact with production or sensitive environments.
  • Respond to production security issues, investigate root causes using logs, dashboards, and system context, and contribute follow-up improvements that strengthen the platform.
  • Contribute to team effectiveness by documenting patterns, participating in design and code reviews, and helping raise the security quality bar across engineering.

Minimum Qualifications
  • Bachelor's degree and 3+ years of experience in security engineering, infrastructure engineering, or a related software engineering role.
  • Experience securing or operating cloud-native infrastructure in AWS or a similar cloud environment.
  • Experience with one or more of the following domains: cloud IAM, Kubernetes/container security, network security, secrets management, or infrastructure vulnerability management.
  • Experience writing code or automation in Python, Go, Java, or a similar programming language.
  • Experience reviewing system designs, infrastructure changes, or architecture proposals and driving actionable security outcomes.
  • Experience with infrastructure-as-code and CI/CD tooling such as Terraform, Helm, GitHub Actions, or similar technologies.
  • Experience investigating and resolving moderately complex production or security issues using logs, metrics, and debugging tools.
  • Experience using AI-assisted engineering tools responsibly, with an understanding of security considerations such as sensitive data exposure, unsafe automation, access boundaries, or insecure use of generated code and infrastructure changes.

Preferred Qualifications
  • Experience building preventative guardrails or automated controls that are adopted by multiple engineering teams.
  • Familiarity with production access control patterns for engineers and service identities.
  • Experience with Kubernetes, service-to-service trust models, workload identity, or runtime security controls.
  • Experience improving cloud posture management, hardening baselines, or drift detection programs.
  • Familiarity with security considerations for AI-assisted engineering workflows, including code generation or code review tooling.
  • Experience partnering with Risk, Compliance, or Audit teams in a regulated environment.
  • Security certifications such as AWS Security Specialty, GCP Professional Cloud Security Engineer, CISSP, or equivalent practical expertise.


Position location This role is available in the following locations: Remote

Time zone requirements The team operates on all continental US time zones.

Travel requirements As a digital first company, the majority of your work can be accomplished remotely. The majority of our employees can live and work anywhere in the U.S or Canada (outside of Quebec) but are expected to spend high quality time in-person collaborating via regular onsites and in-person meetings. The onsite cadence varies depending on the team and role; most teams meet once or twice per quarter for 2-4 consecutive days at a time.

At Upstart, your base pay is one part of your total compensation package. The anticipated base salary for this position is expected to be within the below range. Your actual base pay will depend on your geographic location-with our "digital first" philosophy, Upstart uses compensation regions that vary depending on location. Individual pay is also determined by job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.

In addition, Upstart provides employees with target bonuses, equity compensation, and generous benefits packages (including medical, dental, vision, and 401k).

United States | Remote - Anticipated Base Salary Range

$134,100-$185,600 USD

What you'll love

At Upstart, our benefits are designed to support your health, financial well-being, family, and personal growth. Here's what you can expect:
  • Competitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly
  • Retirement benefits to help you plan for the future, including a 401(k) or Group Retirement Savings Plan with a company match of $2 for every $1 contributed, up to $15,000 annually (USD in the US, CAD in Canada)
  • Employee Stock Purchase Plan (ESPP) with discounted stock purchase options for eligible employees (US only)
  • Comprehensive health coverage designed to support you and your family, including medical, dental, vision, and wellness resources for US and supplemental health coverage for Canada.
  • Health Savings Account contributions from Upstart for eligible plans (US only)
  • Income protection benefits, including life insurance and disability coverage for added financial security
  • Paid time off, sick leave, and company holidays, in line with local requirements
  • Paid family and parental leave to support caregiving and major life moments (duration varies by country)
  • Family-centered benefits to support fertility, parenthood, and caregiving needs
  • Employee Assistance Program (EAP) offering mental health support and life-centered resources
  • Financial wellness resources, including access to financial planning tools and a financial concierge service (US Only)
  • Annual wellness allowance to support your physical and emotional well-being and personal development, based on what matters most to you
  • Annual productivity allowance to invest in relevant tools and resources you need to do your best work, no matter where you work from
  • Connection and community through team events, all-company updates, and employee resource groups (ERGs)
  • Onsite perks, including catered lunches and fully stocked micro-kitchens when working from one of our offices in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!)

For roles based in Canada, please note that we are not currently able to hire in Quebec.

About Upstart

Upstart is a lending platform that uses artificial intelligence and machine learning to automate the borrowing process. The company was founded in 2012 by ex-Googlers and has since originated over $10 billion in loans. Upstart's platform uses non-traditional variables such as education and employment history to determine creditworthiness, which allows for more accurate risk assessment and better loan terms for borrowers. The company went public in December 2020 and is listed on the NASDAQ under the ticker symbol UPST.
Learn more about Upstart
Size
100 employees
Market Cap
$1 billion
Industry
Net Income
$11 million
Founded
2012
Revenue
$205.3 million
NASDAQ

Similar Jobs

More Jobs at Upstart

More Information Technology Jobs

Find similar Infrastructure Security Engineer jobs: