Work closely with our engineering and data science teams to securely design and implement new products and features, including the development and maintenance of threat models for high-risk functionality.
Set up a regular vulnerability scanning tools and manage remediation of identified issues
Support teams with vulnerability remediation efforts, including the design of remediation strategies.
Assess the threat model for cloud native infrastructures and applications
Identify and design company-wide security controls and solutions.
Operate as an integral member of the engineering team and advocate for security best practices across the organization
Help identify Upstart’s internal and external attack surface in a dynamic environment

Requirements

3+ years of experience in an application security or security engineering-focused role
An IT/CS degree or equivalent knowledge
Experience in Java, Python or Ruby development
Knowledge of industry standard authentication and authorization protocols (TLS, SAML, etc)
Previous usage or knowledge of SAST/DAST and vulnerability scanners
Understanding of Full Stack Development, SDLC, and CI/CD pipelines
Understanding of network stack and common protocols
A self-starter who is comfortable getting hands-on and engaging in all areas of product security, from ideation to deployment.
Ability to collaborate cross-functionally and communicate effectively with highly technical teams

Benefits

Competitive Compensation (base + bonus & equity)
Comprehensive medical, dental, and vision coverage with Health Savings Account contributions from Upstart
Generous 401(k) plan with Upstart matching $2 for every $1 contributed, up to $15,000 per year
Employee Stock Purchase Plan (ESPP)
Life and disability insurance
Generous holiday, vacation, sick and safety leave
Supportive parental, family care, and military leave programs
Annual wellness, technology & ergonomic reimbursement programs
Social activities including team events and onsites, all-company updates, employee resource groups (ERGs), and other interest groups such as book clubs, fitness, investing, and volunteering
Catered lunches + snacks & drinks when working in offices

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

application securitysecurity engineeringJavaPythonRubySASTDASTvulnerability scanningFull Stack DevelopmentCI/CD

self-startercollaborationcommunicationadvocacyproblem-solving

IT degreeCS degree