The TeamUpstart's Security team is dedicated to advancing security practices that enhance the safety of our products, customers, and partners. We believe security should empower innovation, move at the speed of the business, and be built in from the ground up. Our mission is to protect Upstart's products and enterprise while enabling teams to move quickly and safely through strong collaboration, automation, and thoughtful security design.
As a Principal Security Engineer focused on Data Security, you will play a critical role in defining, building, and leading Upstart's data security program. This is a highly impactful role that combines deep hands-on technical execution with program leadership. You will design and implement scalable data security capabilities, influence cross-functional partners across the company, and help establish long-term strategy and accountability for how data is protected at Upstart.
This role is ideal for a senior security practitioner who enjoys operating at the intersection of coding, architecture, and cross-functional leadership, and who has experience taking complex security programs from concept to reality.
Position Location - This role is available in the following locations:
Time Zone Requirements - This team operates on the East/West Coast time zones.
Travel Requirements - As a digital first company, the majority of your work can be accomplished remotely. The majority of our employees can live and work anywhere in the U.S but are encouraged to spend high quality time in-person collaborating via regular on-site sessions. The in-person sessions' cadence varies depending on the team and role; most teams meet once or twice per quarter for 2-4 consecutive days at a time.
How you'll make an impact:
What we're looking for:
Minimum requirements:
Extensive experience across enterprise and operational security domains, with deep focus on Data Security and Identity & Access Management
Experience owning or leading a Data Security, DLP (Data Loss Prevention), or DSPM (Data Security Posture Management) initiatives
Proven experience leading security programs that span multiple teams and functions
Strong software engineering background, with the ability to design and build production-quality systems (e.g., APIs, services, or internal web applications)
Experience launching new security capabilities or programs from 0 to 1 in complex environments
Deep understanding of least-privilege principles and practical experience applying them at scale
Excellent communication skills, with the ability to influence senior technical and non-technical stakeholders
Ability to navigate ambiguity, make sound tradeoffs, and independently drive meaningful change
Preferred qualifications:
Familiarity with modern data protection tooling such as endpoint DLP, data classification, or posture management platforms
Experience working with diverse data domains (e.g., analytics, reporting, business operations, or people data)
Contributions to the security community through talks, publications, open-source projects, or other industry involvement
Familiarity with compliance frameworks such as SOC 1, SOC 2, and SOX
Interest in long-term growth as a senior individual contributor, with openness to future people leadership paths