What you'd actually do

Lead the design and execution of Upstart’s data security program, from early foundations through mature, scalable systems

Architect and build software solutions (APIs, services, and internal tools) that enable effective data protection and governance

Partner closely with Engineering, Analytics, Product, Legal, Risk, HR, and other stakeholders to secure sensitive data across diverse domains

Establish clear goals, success metrics, and accountability for data security initiatives

Drive adoption of least-privilege access models and modern data protection patterns across the organization

Skills

Required

Bachelor’s degree in Computer Science, Engineering, or Mathematics, or a related field (or its equivalent) + 8 years of experience
Extensive experience across enterprise and operational security domains, with deep focus on Data Security and Identity & Access Management
Experience owning or leading a Data Security, DLP (Data Loss Prevention), or DSPM (Data Security Posture Management) initiatives
Proven experience leading security programs that span multiple teams and functions
Strong software engineering background, with the ability to design and build production-quality systems (e.g., APIs, services, or internal web applications)
Experience launching new security capabilities or programs from 0 to 1 in complex environments
Deep understanding of least-privilege principles and practical experience applying them at scale
Excellent communication skills, with the ability to influence senior technical and non-technical stakeholders
Ability to navigate ambiguity, make sound tradeoffs, and independently drive meaningful change

Nice to have

Familiarity with modern data protection tooling such as endpoint DLP, data classification, or posture management platforms
Experience working with diverse data domains (e.g., analytics, reporting, business operations, or people data)
Contributions to the security community through talks, publications, open-source projects, or other industry involvement
Familiarity with compliance frameworks such as SOC 1, SOC 2, and SOX
Interest in long-term growth as a senior individual contributor, with openness to future people leadership

What the JD emphasized

Extensive experience across enterprise and operational security domains, with deep focus on Data Security and Identity & Access Management

Experience owning or leading a Data Security, DLP (Data Loss Prevention), or DSPM (Data Security Posture Management) initiatives

Strong software engineering background

Experience launching new security capabilities or programs from 0 to 1 in complex environments

Deep understanding of least-privilege principles and practical experience applying them at scale

About Upstart

At Upstart, we’re united by a mission that matters: to radically reduce the cost and complexity of borrowing for all Americans. Every day, we bring creativity, experimentation, and advanced AI to reshape access to credit, helping millions move forward financially with clarity and confidence.

As the leading AI lending marketplace, we partner with banks and credit unions to expand access to affordable credit through technology that’s both radically intelligent and deeply human. Our platform runs over one million predictions per borrower using more than 1,800 signals, powering smarter, fairer decisions for millions of customers. But the numbers only hint at the impact. Every idea, every voice, and every contribution moves us closer to a world where credit never stands between people and their financial progress.

We’re proudly digital-first, giving most Upstarters the flexibility to do their best work from wherever they thrive, alongside teammates across 80+ cities in the US and Canada. Digital-first doesn’t mean distant. We’re intentional about in-person connection through team onsites, planning sessions, and moments that spark creativity and trust. And whether you choose to work primarily from home or collaborate in-person from one of our offices in Columbus, Austin, the Bay Area, or New York City (opening Summer 2026), you’ll have the support to work in the way that works best for you.

If you’re energized by tackling meaningful problems, excited to innovate with purpose, and motivated by work that truly matters, we’d love to hear from you.

The Team

Upstart’s Information Security team is dedicated to advancing security practices that enhance the safety of our products, customers, and partners. We believe security should empower innovation, move at the speed of the business, and be built in from the ground up. Our mission is to protect Upstart’s products and enterprise while enabling teams to move quickly and safely through strong collaboration, automation, and thoughtful security design.

As a Principal Security Engineer focused on Data Security, you will play a critical role in defining, building, and leading Upstart’s data security program. This is a highly impactful role that combines deep hands-on technical execution with program leadership. You will design and implement scalable data security capabilities, influence cross-functional partners across the company, and help establish long-term strategy and accountability for how data is protected at Upstart.

This role is ideal for a senior security practitioner who enjoys operating at the intersection of coding, architecture, and cross-functional leadership, and who has experience taking complex security programs from concept to reality.

**_Position Location - _**This role is available in the following locations: Remote (US), San Mateo, Columbus, Austin

Time Zone Requirements - This team operates on the East/West Coast time zones.

Travel Requirements - As a digital first company, the majority of your work can be accomplished remotely. The majority of our employees can live and work anywhere in the U.S but are encouraged to to still spend high quality time in-person collaborating via regular onsites. The in-person sessions’ cadence varies depending on the team and role; most teams meet once or twice per quarter for 2-4 consecutive days at a time.

How you’ll make an impact:

Lead the design and execution of Upstart’s data security program, from early foundations through mature, scalable systems
Architect and build software solutions (APIs, services, and internal tools) that enable effective data protection and governance
Partner closely with Engineering, Analytics, Product, Legal, Risk, HR, and other stakeholders to secure sensitive data across diverse domains
Establish clear goals, success metrics, and accountability for data security initiatives
Drive adoption of least-privilege access models and modern data protection patterns across the organization
Mentor engineers and security practitioners, fostering strong technical standards and a culture of ownership
Continuously improve systems by learning from real-world signals such as false positives, operational feedback, and evolving threats

**What we’re looking for: **

Minimum requirements:
- Bachelor’s degree in Computer Science, Engineering, or Mathematics, or a related field (or its equivalent) + 8 years of experience
- Extensive experience across enterprise and operational security domains, with deep focus on Data Security and Identity & Access Management
- Experience owning or leading a Data Security, DLP (Data Loss Prevention), or DSPM (Data Security Posture Management) initiatives
- Proven experience leading security programs that span multiple teams and functions
- Strong software engineering background, with the ability to design and build production-quality systems (e.g., APIs, services, or internal web applications)
- Experience launching new security capabilities or programs from 0 to 1 in complex environments
- Deep understanding of least-privilege principles and practical experience applying them at scale
- Excellent communication skills, with the ability to influence senior technical and non-technical stakeholders
- Ability to navigate ambiguity, make sound tradeoffs, and independently drive meaningful change
Preferred qualifications:
- Familiarity with modern data protection tooling such as endpoint DLP, data classification, or posture management platforms
- Experience working with diverse data domains (e.g., analytics, reporting, business operations, or people data)
- Contributions to the security community through talks, publications, open-source projects, or other industry involvement
- Familiarity with compliance frameworks such as SOC 1, SOC 2, and SOX
- Interest in long-term growth as a senior individual contributor, with openness to future people leadership paths

At Upstart, your base pay is one part of your total compensation package. The anticipated base salary for this position is expected to be within the below range. Your actual base pay will depend on your geographic location–with our “digital first” philosophy, Upstart uses compensation regions that vary depending on location. Individual pay is also determined by job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.

In addition, Upstart provides employees with target bonuses, equity compensation, and generous benefits packages (including medical, dental, vision, and 401k).

United States | Remote - Anticipated Base Salary Range

$190,600—$263,900 USD

What you'll love

At Upstart, our benefits are designed to support your health, financial well-being, family, and personal growth. Here’s what you can expect:

Competitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly
Retirement benefits to help you plan for the future, including a 401(k) or Group Retirement Savings Plan with a company match of $2 for every $1 contributed, up to $15,000 annually (USD in the US, CAD in Canada)
Employee Stock Purchase Plan (ESPP) with discounted stock purchase options for eligible employees (US only)
Comprehensive health coverage designed to support you and your family, including medical, dental, vision, and wellness resources for US and supplemental health coverage for Canada.
Health Savings Account contributions from Upstart for eligible plans (US only)
Income protection benefits, including life insurance and disability coverage for added financial security
Paid time off, sick leave, and company holidays, in line with local requirements
Paid family and parental leave to support caregiving and major life moments (duration varies by country)
Family-centered benefits to support fertility, parenthood, and caregiving needs
Employee Assistance Program (EAP) offering mental health support and life-centered resources
Financial wellness resources, including access to financial planning tools and a financial concierge service (US Only)
Annual wellness allowance to support your physical and emotional well-being and personal development, based on what matters most to you
Annual productivity allowance to invest in relevant tools and resources you need to do your best work, no matter where you work from
Connection and community through team events, all-company updates, and employee resource groups (ERGs)
Onsite perks, including catered lunches and fully stocked micro-kitchens when working from one of our offices in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!)

For roles based in Canada, please note that we are not currently able to hire in Quebec.

Upstart is a proud Equal Opportunity Employer. Just as we are dedicated to improving access to affordable credit for all, we are committed to inclusive and fair hiring practices.

If you require reasonable accommodation in completing an application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please email candidate_accommodations@upstart.com

https://www.upstart.com/candidate_privacy_policy