[Remote] Infrastructure Security Engineer
Note: The job is a remote job and is open to candidates in USA. Upstart is a leading AI lending marketplace focused on reducing the cost and complexity of borrowing for all Americans. They are seeking an Infrastructure Security Engineer to design, build, and improve security controls for their production infrastructure and developer platforms, collaborating with various engineering teams to identify risks and enhance security measures.ResponsibilitiesDesign and implement security controls for cloud, platform, and deployment systems, with a focus on secure defaults and durable risk reductionPartner with platform, SRE, and infrastructure teams to review architecture and infrastructure changes, identify security risks, and drive practical remediation plansBuild and improve automation for infrastructure security, including controls for cloud IAM, Kubernetes and container environments, secrets handling, and infrastructure-as-code workflowsIdentify and remediate systemic weaknesses such as misconfigurations, exposed services, weak trust boundaries, and insecure defaults in production environmentsSupport infrastructure vulnerability management by helping prioritize findings, validate fixes, and improve how issues are detected and prevented over timeHelp assess and improve security controls for AI-assisted developer workflows and GenAI-enabled systems, including agentic tooling, coding assistants, and internal AI integrations that interact with production or sensitive environmentsRespond to production security issues, investigate root causes using logs, dashboards, and system context, and contribute follow-up improvements that strengthen the platformContribute to team effectiveness by documenting patterns, participating in design and code reviews, and helping raise the security quality bar across engineeringSkillsBachelor's degree and 3+ years of experience in security engineering, infrastructure engineering, or a related software engineering roleExperience securing or operating cloud-native infrastructure in AWS or a similar cloud environmentExperience with one or more of the following domains: cloud IAM, Kubernetes/container security, network security, secrets management, or infrastructure vulnerability managementExperience writing code or automation in Python, Go, Java, or a similar programming languageExperience reviewing system designs, infrastructure changes, or architecture proposals and driving actionable security outcomesExperience with infrastructure-as-code and CI/CD tooling such as Terraform, Helm, GitHub Actions, or similar technologiesExperience investigating and resolving moderately complex production or security issues using logs, metrics, and debugging toolsExperience using AI-assisted engineering tools responsibly, with an understanding of security considerations such as sensitive data exposure, unsafe automation, access boundaries, or insecure use of generated code and infrastructure changesExperience building preventative guardrails or automated controls that are adopted by multiple engineering teamsFamiliarity with production access control patterns for engineers and service identitiesExperience with Kubernetes, service-to-service trust models, workload identity, or runtime security controlsExperience improving cloud posture management, hardening baselines, or drift detection programsFamiliarity with security considerations for AI-assisted engineering workflows, including code generation or code review toolingExperience partnering with Risk, Compliance, or Audit teams in a regulated environmentSecurity certifications such as AWS Security Specialty, GCP Professional Cloud Security Engineer, CISSP, or equivalent practical expertiseBenefitsTarget bonusesEquity compensationGenerous benefits packages (including medical, dental, vision, and 401k)Competitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterlyRetirement benefits to help you plan for the future, including a 401(k) or Group Retirement Savings Plan with a company match of $2 for every $1 contributed, up to $15,000 annually (USD in the US, CAD in Canada)Employee Stock Purchase Plan (ESPP) with discounted stock purchase options for eligible employees (US only)Comprehensive health coverage designed to support you and your family, including medical, dental, vision, and wellness resources for US and supplemental health coverage for Canada.Health Savings Account contributions from Upstart for eligible plans (US only)Income protection benefits, including life insurance and disability coverage for added financial securityPaid time off, sick leave, and company holidays, in line with local requirementsPaid family and parental leave to support caregiving and major life moments (duration varies by country)Family-centered benefits to support fertility, parenthood, and caregiving needsEmployee Assistance Program (EAP) offering mental health support and life-centered resourcesFinancial wellness resources, including access to financial planning tools and a financial concierge service (US Only)Annual wellness allowance to support your physical and emotional well-being and personal development, based on what matters most to youAnnual productivity allowance to invest in relevant tools and resources you need to do your best work, no matter where you work fromConnection and community through team events, all-company updates, and employee resource groups (ERGs)Onsite perks, including catered lunches and fully stocked micro-kitchens when working from one of our offices in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!)Company OverviewUpstart is a leading AI lending marketplace partnering with banks and credit unions to expand access to affordable credit. It was founded in 2012, and is headquartered in San Mateo, California, USA, with a workforce of 1001-5000 employees. Its website is https://upstart.com/about.Company H1B SponsorshipUpstart has a track record of offering H1B sponsorships, with 14 in 2026, 67 in 2025, 66 in 2024, 84 in 2023, 85 in 2022, 42 in 2021, 15 in 2020. Please note that this does not guarantee sponsorship for this specific role.