Senior Manager, Security Engineering

The Team

Upstart's Information Security team has a mix of professionals with different areas of deep expertise - from Application Security, to Cloud Security, Incident Response, Detection Engineering, and more. The team is responsible for ensuring we have a good understanding of the security gaps in our environment, and works to mitigate unnecessary risk across the company.

As the Senior Manager of Security Engineering at Upstart, you will work with Upstart's engineering and product management teams to ensure that our product platform is secure, safe and reliable. As a strategic leader, you will have direct responsibility for our product security and support Upstart's growth while guarding the platform and its assets, our people and our processes. As one of the key resources on the Security team, you will have significant influence over the design of Upstart's Security program.

Position Location

• This role is available in the following locations: Remote, San Mateo, Columbus , Austin.

Time Zone Requirements

• This team operates across all US time zones.

Travel Requirements

• This team has regular on-site collaboration sessions. These occur 3-4 days per quarter at one of our office locations. If you need to travel to make these meetups, Upstart will cover all travel related expenses.

How you'll make an impact:

• Inform and oversee the development and execution of a comprehensive strategy for application security

• Ensure that security resources and practices align to business needs, priorities and requirements

• Evangelize the product security roadmap and seek alignment with stakeholders

• Manage and report on security engineering KPIs and metrics

• Help identify Upstart's internal and external attack surface in a dynamic environment

• Work closely with our engineering and data science teams to securely design and implement new products and features

• Establish and mature the secure software development lifecycle

• Operate as an integral member of the engineering team and advocate for security best practices across the organization

What we're looking for:

• Minimum requirements:

• Demonstrable track record as an influential leader, delivering security solutions with multiple stakeholder groups

• Extensive security engineering background, with expertise and knowledge in infrastructure security concepts, web application security, encryption, and penetration/vulnerability tools

• Understanding of Information Security policies, procedures, privacy rules & regulations

• Experience managing multiple and simultaneous, significant information security initiatives and programs

• Preferred qualifications:

• 10+ years of experience in a high-security environment and at least 5 years in a management capacity

• Leadership experience managing geographically distributed teams

• Certifications in IT or cybersecurity (e.g. CISSP, CISM, GSLC, OSCE)

• AWS, Kubernetes and CI/CD pipeline experience

• Contributions to the security industry (e.g. white papers, OSS projects, patents)

What you'll love:

• Competitive Compensation (base + bonus & equity)

• Comprehensive medical, dental, and vision coverage with Health Savings Account contributions from Upstart

• 401(k) with 100% company match up to $4,500 and immediate vesting and after-tax savings

• Employee Stock Purchase Plan (ESPP)

• Life and disability insurance

• Generous holiday, vacation, sick and safety leave

• Supportive parental, family care, and military leave programs

• Annual wellness, technology & ergonomic reimbursement programs

• Social activities including team events and onsites, all-company updates, employee resource groups (ERGs), and other interest groups such as book clubs, fitness, investing, and volunteering

• Catered lunches + snacks & drinks when working in offices

#LI-REMOTE

#LI-MidSenior