STEM OPT Infrastructure Security Engineer Jobs

About Upstart

At Upstart, we're united by a mission that matters: to radically reduce the cost and complexity of borrowing for all Americans. Every day, we bring creativity, experimentation, and advanced AI to reshape access to credit, helping millions move forward financially with clarity and confidence.

As the leading AI lending marketplace, we partner with banks and credit unions to expand access to affordable credit through technology that's both radically intelligent and deeply human. Our platform runs over one million predictions per borrower using more than 1,800 signals, powering smarter, fairer decisions for millions of customers. But the numbers only hint at the impact. Every idea, every voice, and every contribution moves us closer to a world where credit never stands between people and their financial progress.

We're proudly digital-first, giving most Upstarters the flexibility to do their best work from wherever they thrive, alongside teammates across 80+ cities in the US and Canada. Digital-first doesn't mean distant. We're intentional about in-person connection through team onsites, planning sessions, and moments that spark creativity and trust. And whether you choose to work primarily from home or collaborate in-person from one of our offices in Columbus, Austin, the Bay Area, or New York City (opening Summer 2026), you'll have the support to work in the way that works best for you.

If you're energized by tackling meaningful problems, excited to innovate with purpose, and motivated by work that truly matters, we'd love to hear from you.

The Team

Upstart's Infrastructure Security team is focused on securing the cloud, compute, platform, and deployment layers that run our products. We believe security should enable fast, safe delivery through strong engineering fundamentals, automation, and secure-by-default patterns. Our team partners closely with platform, infrastructure, and product engineering to reduce risk in areas such as cloud IAM, Kubernetes and container security, network controls, secrets management, infrastructure-as-code, and production vulnerability management.

As a Security Engineer II at Upstart, you will help design, build, and improve security controls that protect our production infrastructure and developer platforms. You will partner with engineers across infrastructure, platform, and product teams to identify risks, review designs, automate preventative controls, and improve the security of the systems our products run on. This role is well suited for an engineer who can independently lead medium-sized projects, troubleshoot moderately complex security problems, and deliver durable improvements that make Upstart's infrastructure more secure by default.

How you'll make an impact

• Design and implement security controls for cloud, platform, and deployment systems, with a focus on secure defaults and durable risk reduction.
• Partner with platform, SRE, and infrastructure teams to review architecture and infrastructure changes, identify security risks, and drive practical remediation plans.
• Build and improve automation for infrastructure security, including controls for cloud IAM, Kubernetes and container environments, secrets handling, and infrastructure-as-code workflows.
• Identify and remediate systemic weaknesses such as misconfigurations, exposed services, weak trust boundaries, and insecure defaults in production environments.
• Support infrastructure vulnerability management by helping prioritize findings, validate fixes, and improve how issues are detected and prevented over time.
• Help assess and improve security controls for AI-assisted developer workflows and GenAI-enabled systems, including agentic tooling, coding assistants, and internal AI integrations that interact with production or sensitive environments.
• Respond to production security issues, investigate root causes using logs, dashboards, and system context, and contribute follow-up improvements that strengthen the platform.
• Contribute to team effectiveness by documenting patterns, participating in design and code reviews, and helping raise the security quality bar across engineering.

Minimum Qualifications

• Bachelor's degree and 3+ years of experience in security engineering, infrastructure engineering, or a related software engineering role.
• Experience securing or operating cloud-native infrastructure in AWS or a similar cloud environment.
• Experience with one or more of the following domains: cloud IAM, Kubernetes/container security, network security, secrets management, or infrastructure vulnerability management.
• Experience writing code or automation in Python, Go, Java, or a similar programming language.
• Experience reviewing system designs, infrastructure changes, or architecture proposals and driving actionable security outcomes.
• Experience with infrastructure-as-code and CI/CD tooling such as Terraform, Helm, GitHub Actions, or similar technologies.
• Experience investigating and resolving moderately complex production or security issues using logs, metrics, and debugging tools.
• Experience using AI-assisted engineering tools responsibly, with an understanding of security considerations such as sensitive data exposure, unsafe automation, access boundaries, or insecure use of generated code and infrastructure changes.

Preferred Qualifications

• Experience building preventative guardrails or automated controls that are adopted by multiple engineering teams.
• Familiarity with production access control patterns for engineers and service identities.
• Experience with Kubernetes, service-to-service trust models, workload identity, or runtime security controls.
• Experience improving cloud posture management, hardening baselines, or drift detection programs.
• Familiarity with security considerations for AI-assisted engineering workflows, including code generation or code review tooling.
• Experience partnering with Risk, Compliance, or Audit teams in a regulated environment.
• Security certifications such as AWS Security Specialty, GCP Professional Cloud Security Engineer, CISSP, or equivalent practical expertise.

Position location This role is available in the following locations: Remote

Time zone requirements The team operates on all continental US time zones.

Travel requirements As a digital first company, the majority of your work can be accomplished remotely. The majority of our employees can live and work anywhere in the U.S or Canada (outside of Quebec) but are expected to spend high quality time in-person collaborating via regular onsites and in-person meetings. The onsite cadence varies depending on the team and role; most teams meet once or twice per quarter for 2-4 consecutive days at a time.

What you'll love

At Upstart, our benefits are designed to support your health, financial well-being, family, and personal growth. Here's what you can expect:

• Competitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly
• Generous 401(k) plan with Upstart matching $2 for every $1 contributed, up to $15,000 per year
• Employee Stock Purchase Plan (ESPP) with discounted stock purchase options for eligible employees
• Affordable medical, dental, and vision coverage, with multiple plan options - Upstart covers 90% to 100% of the cost depending on the plans you choose
• Health Savings Account contributions from Upstart for eligible plans
• Income protection benefits, including company-paid Basic Life, AD&D, and Short- and Long-Term Disability coverage, with options to purchase supplemental coverage
• Paid time off, sick and safe time, and company holidays
• Paid family and parental leave to support caregiving and major life moments
• Family-centered benefits through Carrot and Cleo, supporting fertility, parenthood, and caregiving
• Employee Assistance Program (EAP) offering mental health support and life-centered resources
• Financial wellness resources, including access to financial planning tools and a financial concierge service
• Annual wellness allowance to support your physical and emotional well-being and personal development, based on what matters most to you
• Annual productivity allowance to invest in relevant tools and resources you need to do your best work, no matter where you work from
• Connection and community through team events and onsites, all-company updates, and employee resource groups (ERGs)
• Onsite perks, including catered lunches and fully stocked micro-kitchens when working from one of our four offices, located in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!).

Upstart is a proud Equal Opportunity Employer. Just as we are dedicated to improving access to affordable credit for all, we are committed to inclusive and fair hiring practices.

If you require reasonable accommodation in completing an application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please email candidate_accommodations@upstart.com