Key skills
Information SecuritySecurity EngineeringEnterprise SecuritySecurity OperationsDetection and ResponseIncident ResponseVulnerability ManagementCloud SecuritySecurity Program ManagementSecurity ToolingLoggingMonitoringIdentity and Access ManagementEndpoint SecuritySIEMSOARAWSKubernetesCI/CD SecuritySecurity CertificationsAISaaSCI/CDLeadershipRisk Management
About this role
Upstart is a leading AI lending marketplace focused on reducing the cost and complexity of borrowing for Americans. They are seeking a Senior Security Engineering Manager for Enterprise Security to lead a team that enhances security programs across various domains, ensuring effective risk management and alignment with company objectives.
Responsibilities:
- Lead the strategy, roadmap, and execution for security engineering programs across enterprise security, security operations, and detection security engineering
- Manage, coach, and develop a team of security professionals, ensuring the team has clear priorities, measurable goals, effective operating rhythms, and opportunities for career growth
- Build and mature proactive and preventative security controls across corporate systems, cloud environments, identity platforms, endpoints, SaaS applications, and security operations workflows
- Improve Upstart’s ability to detect, investigate, and respond to threats by strengthening detection coverage, alert quality, logging strategy, response playbooks, automation, and operational processes
- Drive cross-functional security initiatives across Engineering, IT, Compliance, Legal, Risk, and business teams, aligning security priorities with company objectives, risk tolerance, and operational needs
- Establish and report on meaningful security engineering and operations metrics, including program health, control effectiveness, detection and response performance, remediation progress, and risk reduction outcomes
- Evaluate and improve security tooling, processes, and controls to reduce systemic risk, increase operational efficiency, and ensure the team is focused on the highest-value security work
- Raise the maturity of Upstart’s security programs by identifying recurring issues, addressing root causes, and developing
Requirements:
- 8+ years of experience in information security, security engineering, enterprise security, security operations, detection and response, incident response, vulnerability management, cloud security, or related security domains
- 3+ years of experience managing security professionals or leading security engineering programs across multiple teams or stakeholder groups
- Experience owning roadmaps, priorities, metrics, and execution for security programs with cross-functional dependencies
- Experience building or operating security capabilities in cloud-based and enterprise environments, including working knowledge of common security tooling, logging, monitoring, detection, identity, endpoint, and response practices
- Experience leading security incidents or operational security programs, including investigation coordination, stakeholder communications, remediation tracking, and post-incident improvement
- Experience partnering with Engineering, IT, Compliance, Legal, Risk, or business teams to deliver measurable security outcomes
- Experience leading security programs across multiple domains such as enterprise security, security operations, detection engineering, cloud security, identity and access management, endpoint security, vulnerability management, or incident response
- Demonstrated experience building or improving security programs that emphasize proactive and preventative controls, automation, and early risk reduction over reactive incident response
- Knowledge of AWS, Kubernetes, CI/CD security, endpoint security, identity and access management, vulnerability management, SIEM/SOAR, logging pipelines, and modern detection engineering practices
- Ability to communicate security risk, tradeoffs, and recommendations clearly to technical, non-technical, and senior leadership audiences
- Experience improving detection and response maturity through logging strategy, detection coverage, alert tuning, automation, playbooks, tabletop exercises, postmortems, and measurable process improvements
- Experience improving enterprise security programs across SaaS applications, identity providers, endpoint controls, corporate infrastructure, and employee security workflows
- Experience operating in a regulated environment, financial technology company, or organization with high security, privacy, or compliance requirements
- Security certifications such as CISSP, CISM, GIAC, AWS Security Specialty, or similar credentials