Principal Application Security Engineer jobs in United States
cer-icon
Apply on Employer Site
company-logo

Upstart · 7 hours ago

Principal Application Security Engineer

positionUnited States
timeFull-time
remoteRemote
senioritySenior Level, Lead/Staff
money$182K/yr - $252K/yr
date3+ years exp

Upstart is the leading AI lending marketplace partnering with banks and credit unions to expand access to affordable credit. They are seeking a Senior Application Security Engineer to work closely with engineering and product management teams to ensure the security and reliability of their product platform.

Artificial Intelligence (AI)AutomotiveConsumer LendingCreditFinancial ServicesFinTechLendingMachine LearningPersonal Finance
check
H1B Sponsor Likelynote

Responsibilities

Work closely with our engineering and data science teams to securely design and implement new products and features, including the development and maintenance of threat models for high-risk functionality
Set up a regular vulnerability scanning tools and manage remediation of identified issues
Support teams with vulnerability remediation efforts, including the design of remediation strategies
Assess the threat model for cloud native infrastructures and applications
Identify and design company-wide security controls and solutions
Operate as an integral member of the engineering team and advocate for security best practices across the organization
Help identify Upstart’s internal and external attack surface in a dynamic environment

Qualification

Application SecurityVulnerability ScanningJavaPythonRubySAST/DASTCloud SecurityCI/CD PipelinesIT/Cybersecurity CertificationFull Stack DevelopmentCollaborationCommunicationSelf-starter

Required

3+ years of experience in an application security or security engineering-focused role
An IT/CS degree or equivalent knowledge
Experience in Java, Python or Ruby development
Knowledge of industry standard authentication and authorization protocols (TLS, SAML, etc)
Previous usage or knowledge of SAST/DAST and vulnerability scanners
Understanding of Full Stack Development, SDLC, and CI/CD pipelines
Understanding of network stack and common protocols
A self-starter who is comfortable getting hands-on and engaging in all areas of product security, from ideation to deployment
Ability to collaborate cross-functionally and communicate effectively with highly technical teams

Preferred

7+ years of experience in a high-security environment
MS degree or equivalent knowledge
Certification in IT or cybersecurity (e.g. OSCP, OSCE, OSWE)
Experience conducting product/application level security audits, penetration tests, and security focused code reviews
AWS, K8s and CI/CD pipeline experience
Contributions to the security industry (e.g. whitepaper, security advisories, OSS projects, patents)

Benefits

Comprehensive medical, dental, and vision coverage with Health Savings Account contributions from Upstart
Generous 401(k) plan with Upstart matching $2 for every $1 contributed, up to $15,000 per year
Employee Stock Purchase Plan (ESPP)
Life and disability insurance
Generous holiday, vacation, sick and safety leave
Supportive parental, family care, and military leave programs
Annual wellness, technology & ergonomic reimbursement programs
Social activities including team events and onsites, all-company updates, employee resource groups (ERGs), and other interest groups such as book clubs, fitness, investing, and volunteering
Catered lunches + snacks & drinks when working in offices

Company

Upstart

twittertwittertwitter
Glassdoor3.7
company-logo
Upstart (NASDAQ: UPST) is a leading AI lending marketplace partnering with banks and credit unions to expand access to affordable credit.
dateFounded in 2012
location
San Mateo, California, USA
people-size1001-5000 employees
web-link
https://upstart.com/about

H1B Sponsorship

Upstart has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (68)
2024 (67)
2023 (85)
2022 (85)
2021 (42)
2020 (15)

Funding

Current Stage
Public Company
Total Funding
$3.36B
Key Investors
CastlelakeProgressiveRakuten
2025-11-06Post Ipo Debt· $1.5B
2025-09-05Post Ipo Debt· $320M
2025-08-12Post Ipo Debt· $600M

Leadership Team

leader-logo
Dave Girouard
Founder & CEO
linkedin
leader-logo
Paul Gu
Co-Founder
linkedin

Recent News

The Motley Fool
3 High-Conviction AI Stocks With 10x Potential by 2036
2026-01-03
The Motley Fool
Should You Forget Upstart and Buy American Express Instead?
2026-01-01
MarketScreener
Tech CU Selects Upstart for Personal Loans and Auto Refinance Loans
2025-12-17
Company data provided by crunchbase