The Team
We're looking for a Senior Application Security Engineer to join our growing Information Security team. Your primary function will be to work with Upstart's engineering and product management teams to ensure that our product platform is secure, safe and reliable.
You'll have the latitude to touch every aspect of our security strategies, with the opportunity to specialize as the team grows. As one of the key resources on the Security team, you will have significant influence over the design of Upstart's Security program.
Position Location - This role is available in the following locations: San Mateo Columbus Austin Remote (#LI-REMOTE)
Time Zone Requirements - This team operates on the East/West Coast time zones.
Travel Requirements - This team has regular on-site collaboration sessions. These occur 5 days per Quarter at one of our office locations or some other off-site location determined by your team/manager. If you need to travel to make these meetups, Upstart will cover all travel related expenses.
How You'll Make an Impact:
• Work closely with our engineering and data science teams to securely design and implement new products and features, including the development and maintenance of threat models for high-risk functionality. • Set up a regular vulnerability scanning tools and manage remediation of identified issues. • Support teams with vulnerability remediation efforts, including the design of remediation strategies. • Assess the threat model for cloud native infrastructures and applications. • Identify and design company-wide security controls and solutions. • Operate as an integral member of the engineering team and advocate for security best practices across the organization. • Help identify Upstart's internal and external attack surface in a dynamic environment.
What We're Looking For:
Minimum Requirements: 3+ years of experience in an application security or security engineering-focused role An IT/CS degree or equivalent knowledge Experience in Java, Python or Ruby development Knowledge of industry standard authentication and authorization protocols (TLS, SAML, etc) Previous usage or knowledge of SAST/DAST and vulnerability scanners Understanding of Full Stack Development, SDLC, and CI/CD pipelines Understanding of network stack and common protocols
Preferred Qualifications: 7+ years of experience in a high-security environment MS degree or equivalent knowledge Certification in IT or cybersecurity (e.g. OSCP, OSCE, OSWE) Experience conducting product/application level security audits, penetration tests, and security focused code reviews AWS, K8s and CI/CD pipeline experience Contributions to the security industry (e.g. whitepaper, security advisories, OSS projects, patents)
What You'll Love:
Competitive Compensation (base + bonus & equity) Comprehensive medical, dental, and vision coverage with Health Savings Account contributions from Upstart Generous 401(k) plan with Upstart matching $2 for every $1 contributed, up to $15,000 per year Employee Stock Purchase Plan (ESPP) Life and disability insurance Generous holiday, vacation, sick and safety leave Supportive parental, family care, and military leave programs Annual wellness, technology & ergonomic reimbursement programs Social activities including team events and onsites, all-company updates, employee resource groups (ERGs), and other interest groups such as book clubs, fitness, investing, and volunteering Catered lunches + snacks & drinks when working in offices