🛠 Tech Stack

💼 About This Role

You'll lead application security strategy for Upstart's AI lending platform, ensuring secure-by-design principles across product and infrastructure. You'll drive threat modeling, security reviews, and automated controls to reduce systemic risk. This role offers ownership of security roadmap and cross-functional influence at a fintech leader.

🎯 What You'll Do

• Define application security strategy aligned with business and regulatory priorities.
• Lead security architecture reviews for critical initiatives across engineering teams.
• Establish and scale a threat modeling program for high-risk systems.
• Design automated security guardrails across the SDLC (SAST/DAST/SCA, CI/CD).

📋 Requirements

• 9+ years in security engineering with 5+ years focused on application security
• Experience leading security architecture reviews and threat modeling for production systems
• Proficiency in Java, Python, or Ruby development
• Experience implementing SDLC security controls (SAST/DAST/SCA, API security, secrets management)

✨ Nice to Have

• 10+ years across multiple security and engineering domains in cloud-native environments
• Experience building or scaling an application security program with metrics and maturity models
• Familiarity with modern frontend frameworks, APIs (REST/GraphQL), and microservices architectures

🎁 Benefits & Perks

• 🏖️ Flexible remote work with digital-first culture
• 💰 Competitive compensation and equity
• 🏥 Health, dental, and vision insurance
• 📚 Professional development and growth opportunities
• 🏢 Collaborative workspaces with regular onsites