FreshRemote.Work

Senior Application Security Engineer

United States | Remote

About Upstart

Upstart is a leading AI lending marketplace partnering with banks and credit unions to expand access to affordable credit. By leveraging Upstart's AI marketplace, Upstart-powered banks and credit unions can have higher approval rates and lower loss rates across races, ages, and genders, while simultaneously delivering the exceptional digital-first lending experience their customers demand. More than two-thirds of Upstart loans are approved instantly and are fully automated.

Upstart is a digital-first company, which means that most Upstarters live and work anywhere in the United States. However, we also have offices in San Mateo, California; Columbus, Ohio; and Austin, Texas.

Most Upstarters join us because they connect with our mission of enabling access to effortless credit based on true risk. If you are energized by the impact you can make at Upstart, we’d love to hear from you!

The Team

We’re looking for a Senior Application Security Engineer to join our growing Information Security team. Your primary function will be to work with Upstart’s engineering and product management teams to ensure that our product platform is secure, safe and reliable. 

You’ll have the latitude to touch every aspect of our security strategies, with the opportunity to specialize as the team grows. As one of the key resources on the Security team, you will have significant influence over the design of Upstart's Security program. 

How you’ll make an impact:

  • Work closely with our engineering and data science teams to securely design and implement new products and features 
  • Set up a regular vulnerability scanning tools and manage remediation of identified issues
  • Assess the threat model for cloud native infrastructures and applications
  • Operate as an integral member of the engineering team and advocate for security best practices across the organization
  • Help identify Upstart’s internal and external attack surface in a dynamic environment

What we’re looking for: 

  • Minimum requirements:
    • 3+ years of experience in a security engineering or security operations role 
    • An IT/CS degree or equivalent knowledge
    • Experience in Java, Python or Ruby development
    • Knowledge of industry standard authentication and authorization protocols (TLS, SAML, etc)
    • Previous usage or knowledge of SAST/DAST and vulnerability scanners  
    • Understanding of Full Stack Development, SDLC, and CI/CD pipelines
    • Understanding of network stack and common protocols
    • Ability to collaborate cross-functionally and communicate effectively with highly technical teams
  • Preferred qualifications:
    • 7+ years of experience in a high-security environment
    • MS degree or equivalent knowledge
    • Certification in IT or cybersecurity (e.g. CISSP, CISM, GSLC, OSCE)
    • Experience conducting infrastructure security audits, penetration tests, and periodic access reviews to applications and infrastructure
    • AWS, K8s and CI/CD pipeline experience
    • Contributions to the security industry (e.g. Whitepaper, OSS projects, Patents)

Position Location - This role is available in the following locations: San Mateo, Columbus, Austin, Remote

Time Zone Requirements - This team operates on the East/West Coast time zones.

Travel Requirements - This team has regular on-site collaboration sessions. These occur 2-3 days per Quarter at one of our office locations or some other off-site location determined by your team/manager. If you need to travel to make these meetups, Upstart will cover all travel related expenses.

What you'll love: 

  • Competitive Compensation (base + bonus & equity)
  • Comprehensive medical, dental, and vision coverage with Health Savings Account contributions from Upstart 
  • 401(k) with 100% company match up to $4,500 and immediate vesting and after-tax savings
  • Employee Stock Purchase Plan (ESPP)
  • Life and disability insurance
  • Generous holiday, vacation, sick and safety leave  
  • Supportive parental, family care, and military leave programs
  • Annual wellness, technology & ergonomic reimbursement programs
  • Social activities including team events and onsites, all-company updates, employee resource groups (ERGs), and other interest groups such as book clubs, fitness, investing, and volunteering
  • Catered lunches + snacks & drinks when working in offices

 

At Upstart, your base pay is one part of your total compensation package.  The anticipated base salary for this position is expected to be within the below range. Your actual base pay will depend on your geographic location–with our “digital first” philosophy, Upstart uses compensation regions that vary depending on location. Individual pay is also determined by job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.

In addition, Upstart provides employees with target bonuses, equity compensation, and generous benefits packages (including medical, dental, vision, and 401k).

United States | Remote - Anticipated Base Salary Range$160,400—$222,000 USD

Upstart is a proud Equal Opportunity Employer. We are dedicated to ensuring that underrepresented classes receive better access to affordable credit, and are just as committed to embracing diversity and inclusion in our hiring practices. We celebrate all cultures, backgrounds, perspectives, and experiences, and know that we can only become better together. 

If you require reasonable accommodation in completing an application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please email candidate_accommodations@upstart.com

https://www.upstart.com/candidate_privacy_policy

Apply

Job Profile

Regions

North America

Countries

United States

Restrictions

On-site collaboration required Regular on-site collaboration sessions Travel for meetups

Benefits/Perks

401(k) match Annual wellness, technology & ergonomic reimbursement programs Bonus Catered lunches + snacks & drinks Competitive compensation Comprehensive medical Comprehensive medical, dental, and vision coverage Dental Dynamic environment Employee stock purchase plan Equity Generous holiday, vacation, sick and safety leave Health savings Health Savings Account contributions Life and Disability insurance Medical, Dental & Vision coverage Social activities Supportive parental, family care, and military leave programs

Tasks
  • Advocate security best practices
  • Assess threat models
  • Collaborate cross-functionally
  • Design secure products
  • Identify attack surfaces
  • Manage vulnerability scanning
Skills

AI Application Security Authentication protocols Authorization Protocols AWS CI/CD Cloud Collaboration DAST Data Science Design Digital-first Engineering Full-stack development Information security Infrastructure Security Java Kubernetes Lending Lending marketplace Marketplace Network protocols Operations Product Management Python Ruby SAML SAST SDLC Security Engineering Security Operations TLS Vulnerability Scanning

Experience

3 years

Education

CS Degree Data Science Engineering Equivalent knowledge IT Degree MS MS degree

Certifications

CISM CISSP GSLC OSCE

Timezones

America/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9