Key skills
Data SecurityIdentity & Access Management (IAM)Data Loss Prevention (DLP)Data Security Posture Management (DSPM)API developmentSecurity architectureLeast-privilege access modelsCompliance frameworks SOC 1Compliance frameworks SOC 2Compliance frameworks SOXAIAnalyticsIAMLeadershipCommunication
About this role
Upstart is an AI lending marketplace dedicated to reducing borrowing costs for Americans. The Senior Security Engineer focused on Data Security will lead the data security program, designing scalable security capabilities and collaborating with various teams to ensure data protection.
Responsibilities:
- Lead the technical design and execution of Upstart’s data security program, from early foundations through mature, scalable systems
- Architect and build software solutions (APIs, services, and internal tools) that enable effective data protection and governance
- Partner closely with Engineering, Analytics, Product, Legal, Risk, HR, and other stakeholders to secure sensitive data across diverse domains
- Drive adoption of least-privilege access models and modern data protection patterns across the organization
- Mentor engineers and security practitioners, fostering strong technical standards and a culture of ownership
- Continuously improve systems by learning from real-world signals such as false positives, operational feedback, and evolving threats
Requirements:
- Bachelor's degree in Computer Science, Engineering, or Mathematics, or a related field (or its equivalent)
- 5 years of experience
- Extensive experience across enterprise and operational security domains, with deep focus on Data Security and Identity & Access Management (IAM)
- Experience owning or leading a Data Security, DLP (Data Loss Prevention), or DSPM (Data Security Posture Management) initiatives
- Strong software engineering background, with the ability to design and build production-quality systems (e.g., APIs, services, or internal web applications)
- Experience launching new security capabilities from 0 to 1 in complex environments
- Deep understanding of least-privilege principles and practical experience applying them at scale
- Excellent communication skills, with the ability to influence senior technical and non-technical stakeholders
- Ability to navigate ambiguity, make sound tradeoffs, and independently drive meaningful change
- Familiarity with cutting edge AI data protection tooling such as endpoint DLP, data classification, or posture management platforms (BigID, Concentric AI, Varonis, Cyera, or similar)
- Experience working with diverse data domains (e.g., analytics, reporting, business operations, or people data)
- Contributions to the security community through talks, publications, open-source projects, or other industry involvement
- Familiarity with compliance frameworks such as SOC 1, SOC 2, and SOX
- Interest in long-term growth as a senior individual contributor, with openness to future people leadership paths