{"schemaVersion":"jobsearcher.job.v1","id":"a02ea36be3ffca9086d21bd4","url":"https://jobsearcher.com/jobs/a02ea36be3ffca9086d21bd4","canonicalUrl":"https://jobsearcher.com/jobs/a02ea36be3ffca9086d21bd4","title":"Principal Application Security Engineer","description":"About Upstart\r\nAt Upstart, we're united by a mission that matters: to radically reduce the cost and complexity of borrowing for all Americans. Every day, we bring creativity, experimentation, and advanced AI to reshape access to credit, helping millions move forward financially with clarity and confidence.\r\nAs the leading AI lending marketplace, we partner with banks and credit unions to expand access to affordable credit through technology that's both radically intelligent and deeply human. Our platform runs over one million predictions per borrower using more than 1,800 signals, powering smarter, fairer decisions for millions of customers. But the numbers only hint at the impact. Every idea, every voice, and every contribution moves us closer to a world where credit never stands between people and their financial progress.\r\nWe're proudly digital-first, giving most Upstarters the flexibility to do their best work from wherever they thrive, alongside teammates across 80+ cities in the US and Canada. Digital-first doesn't mean distant. We're intentional about in-person connection through team onsites, planning sessions, and moments that spark creativity and trust. And whether you choose to work primarily from home or collaborate in-person from one of our offices in Columbus, Austin, the Bay Area, or New York City (opening Summer 2026), you'll have the support to work in the way that works best for you.\r\nIf you're energized by tackling meaningful problems, excited to innovate with purpose, and motivated by work that truly matters, we'd love to hear from you.\r\nThe Team\r\nUpstart's Application Security team is passionate in bringing progressive approaches in securing our products. We believe that security should empower innovation, move at the speed of business, and have safety by design as core principles. Our team's mission is to ensure the safety of our core product platforms, enterprise, and manage threats to Upstart. We approach our efforts through automation, strong collaboration with our partner teams, and maintaining a positive experience for Upstarters.\r\nPrincipal Application Security Engineer\r\nAs the Principal Application Security Engineer at Upstart, you will be expected to lead cross-functional and cross-organizational discussions and outcomes around threat modeling, application and infrastructure security. You will be expected to deeply understand the business verticals and product needs and influence them to build highly secure systems and platforms. You will have a direct hand in shaping the strategic security posture and roadmap for Upstart and should be a well-rounded technologist and security practitioner.\r\nHow you'll make an impact:\r\nDefine and drive Upstart's application security strategy, aligning secure-by-design principles with business priorities, regulatory expectations, and our AI-driven product roadmap.\r\nLead cross-functional security architecture reviews for critical initiatives, influencing engineering, platform, data, and infrastructure decisions to reduce systemic risk early in the SDLC.\r\nEstablish and scale a robust threat modeling program for high-risk systems, including customer-facing applications, lending workflows, and ML/AI pipelines, translating findings into durable engineering standards and controls.\r\nDesign and standardize application security guardrails across the SDLC, including secure coding practices, automated testing (SAST/DAST/SCA), CI/CD protections, and secrets management.\r\nPartner with Infrastructure and Cloud teams to strengthen the security posture of cloud-native and distributed systems, ensuring defense-in-depth across application and infrastructure layers.\r\nIdentify and reduce internal and external attack surface through automation and platform-level solutions, prioritizing long-term risk reduction over point-in-time remediation.\r\nServe as a senior technical authority during high-severity incidents, driving root cause analysis and durable architectural improvements.\r\nElevate security maturity across the organization by mentoring engineers, influencing leadership through clear risk metrics, and fostering a culture where security enables innovation.\r\nWhat we're looking for:\r\nMinimum requirements\r\n6+ years of experience in security engineering, with at least 3 years focused on application security\r\nDemonstrated experience leading security architecture reviews and threat modeling for complex, customer-facing production systems\r\nExperience in Java, Python or Ruby development.\r\nExperience designing and implementing application security controls across the SDLC, including secure coding standards, API Security, SAST/DAST/SCA, CI/CD security, and secrets management\r\nDemonstrable track record as an influential leader, delivering security solutions with multiple stakeholder groups\r\nExperience managing multiple and simultaneous, significant information security initiatives and programs\r\nExperience developing code and building services to enhance unique security operational needs\r\nExperience with advanced threat modeling techniques and risk assessment\r\nPreferred qualifications\r\n10+ years of experience spanning across multiple security and engineering domains in a cloud-native and/or distributed systems environment\r\nExperience building or scaling an application security program, including defining metrics, maturity models, and risk-based prioritization frameworks\r\nFamiliarity with security considerations in modern frontend frameworks, APIs (REST/GraphQL), and microservices architectures.\r\nExperience partnering with Legal, Risk, Compliance, and Audit teams to operationalize security controls in regulated environments\r\nSecurity certifications such as CISSP, CCSP, AWS Security Specialty, or equivalent practical expertise\r\nPosition Location\r\nThis role is available in the following locations: San Mateo, Columbus, Austin, Remote\r\nTime Zone Requirements\r\nThis team operates on the East/West Coast time zones.\r\nTravel Requirements\r\nThis team has regular on-site collaboration sessions. These occur 3-4 days per Quarter at one of our office locations or some other off-site location determined by your team/manager. If you need to travel to make these meetups, Upstart will cover all travel related expenses.\r\nSalary and Compensation\r\nAt Upstart, your base pay is one part of your total compensation package. The anticipated base salary for this position is expected to be within the below range. Your actual base pay will depend on your geographic location–with our \"digital first\" philosophy, Upstart uses compensation regions that vary depending on location. Individual pay is also determined by job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.\r\nIn addition, Upstart provides employees with target bonuses, equity compensation, and generous benefits packages (including medical, dental, vision, and 401k).\r\nUnited States | Remote - Anticipated Base Salary Range\r\n$190,600—$263,900 USD\r\nWhat you'll love\r\nAt Upstart, our benefits are designed to support your health, financial well-being, family, and personal growth. Here's what you can expect:\r\nCompetitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly\r\nGenerous 401(k) plan with Upstart matching $2 for every $1 contributed, up to $15,000 per year\r\nEmployee Stock Purchase Plan (ESPP) with discounted stock purchase options for eligible employees\r\nAffordable medical, dental, and vision coverage, with multiple plan options - Upstart covers 90% to 100% of the cost depending on the plans you choose\r\nHealth Savings Account contributions from Upstart for eligible plans\r\nIncome protection benefits, including company-paid Basic Life, AD&D, and Short- and Long-Term Disability coverage, with options to purchase supplemental coverage\r\nPaid time off, sick and safe time, and company holidays\r\nPaid family and parental leave to support caregiving and major life moments\r\nFamily-centered benefits through Carrot and Cleo, supporting fertility, parenthood, and caregiving\r\nEmployee Assistance Program (EAP) offering mental health support and life-centered resources\r\nFinancial wellness resources, including access to financial planning tools and a financial concierge service\r\nAnnual wellness allowance to support your physical and emotional well-being and personal development, based on what matters most to you\r\nAnnual productivity allowance to invest in relevant tools and resources you need to do your best work, no matter where you work from\r\nConnection and community through team events and onsites, all-company updates, and employee resource groups (ERGs)\r\nOnsite perks, including catered lunches and fully stocked micro-kitchens when working from one of our four offices, located in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!).\r\nEqual Opportunity\r\nUpstart is a proud Equal Opportunity Employer. Just as we are dedicated to improving access to affordable credit for all, we are committed to inclusive and fair hiring practices.\r\nDisability Accommodation\r\nIf you require reasonable accommodation in completing an application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please email candidate_accommodations@upstart.com\r\nPrivacy Policy\r\nhttps://www.upstart.com/candidate_privacy_policy\r\nJ-18808-Ljbffr","company":"Upstart","rawCompany":"upstart","city":"Columbus","state":"OH","isRemote":false,"isActive":false,"createdAt":"2026-04-11T05:04:53.254Z","occupations":[{"code":"15-1299.05","title":"Information Security Engineers","slug":"information-security-engineers"},{"code":"15-1212.00","title":"Information Security Analysts","slug":"information-security-analysts"},{"code":"15-1299.08","title":"Computer Systems Engineers/Architects","slug":"computer-systems-engineers-architects"}],"industries":[{"code":"541511","title":"Custom Computer Programming Services","slug":"custom-computer-programming-services"},{"code":"541512","title":"Computer Systems Design Services","slug":"computer-systems-design-services"},{"code":"513210","title":"Software Publishers","slug":"software-publishers"}],"jobPosting":{"@context":"https://schema.org","@type":"JobPosting","title":"Principal Application Security Engineer","description":"About Upstart\r\nAt Upstart, we're united by a mission that matters: to radically reduce the cost and complexity of borrowing for all Americans. Every day, we bring creativity, experimentation, and advanced AI to reshape access to credit, helping millions move forward financially with clarity and confidence.\r\nAs the leading AI lending marketplace, we partner with banks and credit unions to expand access to affordable credit through technology that's both radically intelligent and deeply human. Our platform runs over one million predictions per borrower using more than 1,800 signals, powering smarter, fairer decisions for millions of customers. But the numbers only hint at the impact. Every idea, every voice, and every contribution moves us closer to a world where credit never stands between people and their financial progress.\r\nWe're proudly digital-first, giving most Upstarters the flexibility to do their best work from wherever they thrive, alongside teammates across 80+ cities in the US and Canada. Digital-first doesn't mean distant. We're intentional about in-person connection through team onsites, planning sessions, and moments that spark creativity and trust. And whether you choose to work primarily from home or collaborate in-person from one of our offices in Columbus, Austin, the Bay Area, or New York City (opening Summer 2026), you'll have the support to work in the way that works best for you.\r\nIf you're energized by tackling meaningful problems, excited to innovate with purpose, and motivated by work that truly matters, we'd love to hear from you.\r\nThe Team\r\nUpstart's Application Security team is passionate in bringing progressive approaches in securing our products. We believe that security should empower innovation, move at the speed of business, and have safety by design as core principles. Our team's mission is to ensure the safety of our core product platforms, enterprise, and manage threats to Upstart. We approach our efforts through automation, strong collaboration with our partner teams, and maintaining a positive experience for Upstarters.\r\nPrincipal Application Security Engineer\r\nAs the Principal Application Security Engineer at Upstart, you will be expected to lead cross-functional and cross-organizational discussions and outcomes around threat modeling, application and infrastructure security. You will be expected to deeply understand the business verticals and product needs and influence them to build highly secure systems and platforms. You will have a direct hand in shaping the strategic security posture and roadmap for Upstart and should be a well-rounded technologist and security practitioner.\r\nHow you'll make an impact:\r\nDefine and drive Upstart's application security strategy, aligning secure-by-design principles with business priorities, regulatory expectations, and our AI-driven product roadmap.\r\nLead cross-functional security architecture reviews for critical initiatives, influencing engineering, platform, data, and infrastructure decisions to reduce systemic risk early in the SDLC.\r\nEstablish and scale a robust threat modeling program for high-risk systems, including customer-facing applications, lending workflows, and ML/AI pipelines, translating findings into durable engineering standards and controls.\r\nDesign and standardize application security guardrails across the SDLC, including secure coding practices, automated testing (SAST/DAST/SCA), CI/CD protections, and secrets management.\r\nPartner with Infrastructure and Cloud teams to strengthen the security posture of cloud-native and distributed systems, ensuring defense-in-depth across application and infrastructure layers.\r\nIdentify and reduce internal and external attack surface through automation and platform-level solutions, prioritizing long-term risk reduction over point-in-time remediation.\r\nServe as a senior technical authority during high-severity incidents, driving root cause analysis and durable architectural improvements.\r\nElevate security maturity across the organization by mentoring engineers, influencing leadership through clear risk metrics, and fostering a culture where security enables innovation.\r\nWhat we're looking for:\r\nMinimum requirements\r\n6+ years of experience in security engineering, with at least 3 years focused on application security\r\nDemonstrated experience leading security architecture reviews and threat modeling for complex, customer-facing production systems\r\nExperience in Java, Python or Ruby development.\r\nExperience designing and implementing application security controls across the SDLC, including secure coding standards, API Security, SAST/DAST/SCA, CI/CD security, and secrets management\r\nDemonstrable track record as an influential leader, delivering security solutions with multiple stakeholder groups\r\nExperience managing multiple and simultaneous, significant information security initiatives and programs\r\nExperience developing code and building services to enhance unique security operational needs\r\nExperience with advanced threat modeling techniques and risk assessment\r\nPreferred qualifications\r\n10+ years of experience spanning across multiple security and engineering domains in a cloud-native and/or distributed systems environment\r\nExperience building or scaling an application security program, including defining metrics, maturity models, and risk-based prioritization frameworks\r\nFamiliarity with security considerations in modern frontend frameworks, APIs (REST/GraphQL), and microservices architectures.\r\nExperience partnering with Legal, Risk, Compliance, and Audit teams to operationalize security controls in regulated environments\r\nSecurity certifications such as CISSP, CCSP, AWS Security Specialty, or equivalent practical expertise\r\nPosition Location\r\nThis role is available in the following locations: San Mateo, Columbus, Austin, Remote\r\nTime Zone Requirements\r\nThis team operates on the East/West Coast time zones.\r\nTravel Requirements\r\nThis team has regular on-site collaboration sessions. These occur 3-4 days per Quarter at one of our office locations or some other off-site location determined by your team/manager. If you need to travel to make these meetups, Upstart will cover all travel related expenses.\r\nSalary and Compensation\r\nAt Upstart, your base pay is one part of your total compensation package. The anticipated base salary for this position is expected to be within the below range. Your actual base pay will depend on your geographic location–with our \"digital first\" philosophy, Upstart uses compensation regions that vary depending on location. Individual pay is also determined by job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.\r\nIn addition, Upstart provides employees with target bonuses, equity compensation, and generous benefits packages (including medical, dental, vision, and 401k).\r\nUnited States | Remote - Anticipated Base Salary Range\r\n$190,600—$263,900 USD\r\nWhat you'll love\r\nAt Upstart, our benefits are designed to support your health, financial well-being, family, and personal growth. Here's what you can expect:\r\nCompetitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly\r\nGenerous 401(k) plan with Upstart matching $2 for every $1 contributed, up to $15,000 per year\r\nEmployee Stock Purchase Plan (ESPP) with discounted stock purchase options for eligible employees\r\nAffordable medical, dental, and vision coverage, with multiple plan options - Upstart covers 90% to 100% of the cost depending on the plans you choose\r\nHealth Savings Account contributions from Upstart for eligible plans\r\nIncome protection benefits, including company-paid Basic Life, AD&D, and Short- and Long-Term Disability coverage, with options to purchase supplemental coverage\r\nPaid time off, sick and safe time, and company holidays\r\nPaid family and parental leave to support caregiving and major life moments\r\nFamily-centered benefits through Carrot and Cleo, supporting fertility, parenthood, and caregiving\r\nEmployee Assistance Program (EAP) offering mental health support and life-centered resources\r\nFinancial wellness resources, including access to financial planning tools and a financial concierge service\r\nAnnual wellness allowance to support your physical and emotional well-being and personal development, based on what matters most to you\r\nAnnual productivity allowance to invest in relevant tools and resources you need to do your best work, no matter where you work from\r\nConnection and community through team events and onsites, all-company updates, and employee resource groups (ERGs)\r\nOnsite perks, including catered lunches and fully stocked micro-kitchens when working from one of our four offices, located in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!).\r\nEqual Opportunity\r\nUpstart is a proud Equal Opportunity Employer. Just as we are dedicated to improving access to affordable credit for all, we are committed to inclusive and fair hiring practices.\r\nDisability Accommodation\r\nIf you require reasonable accommodation in completing an application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please email candidate_accommodations@upstart.com\r\nPrivacy Policy\r\nhttps://www.upstart.com/candidate_privacy_policy\r\nJ-18808-Ljbffr","datePosted":"2026-04-11T05:04:53.254Z","dateModified":"2026-04-11T05:04:53.254Z","hiringOrganization":{"@type":"Organization","name":"Upstart","sameAs":"https://jobsearcher.com"},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Columbus","addressRegion":"OH","addressCountry":"US"}},"identifier":{"@type":"PropertyValue","name":"JobSearcher","value":"a02ea36be3ffca9086d21bd4"},"url":"https://jobsearcher.com/jobs/a02ea36be3ffca9086d21bd4"}}