Infrastructure Security Engineer

About The Position

Requirements

• Bachelor’s degree and 3+ years of experience in security engineering, infrastructure engineering, or a related software engineering role.
• Experience securing or operating cloud-native infrastructure in AWS or a similar cloud environment.
• Experience with one or more of the following domains: cloud IAM, Kubernetes/container security, network security, secrets management, or infrastructure vulnerability management.
• Experience writing code or automation in Python, Go, Java, or a similar programming language.
• Experience reviewing system designs, infrastructure changes, or architecture proposals and driving actionable security outcomes.
• Experience with infrastructure-as-code and CI/CD tooling such as Terraform, Helm, GitHub Actions, or similar technologies.
• Experience investigating and resolving moderately complex production or security issues using logs, metrics, and debugging tools.
• Experience using AI-assisted engineering tools responsibly, with an understanding of security considerations such as sensitive data exposure, unsafe automation, access boundaries, or insecure use of generated code and infrastructure changes.

Nice To Haves

• Experience building preventative guardrails or automated controls that are adopted by multiple engineering teams.
• Familiarity with production access control patterns for engineers and service identities.
• Experience with Kubernetes, service-to-service trust models, workload identity, or runtime security controls.
• Experience improving cloud posture management, hardening baselines, or drift detection programs.
• Familiarity with security considerations for AI-assisted engineering workflows, including code generation or code review tooling.
• Experience partnering with Risk, Compliance, or Audit teams in a regulated environment.
• Security certifications such as AWS Security Specialty, GCP Professional Cloud Security Engineer, CISSP, or equivalent practical expertise.

Responsibilities

• Design and implement security controls for cloud, platform, and deployment systems, with a focus on secure defaults and durable risk reduction.
• Partner with platform, SRE, and infrastructure teams to review architecture and infrastructure changes, identify security risks, and drive practical remediation plans.
• Build and improve automation for infrastructure security, including controls for cloud IAM, Kubernetes and container environments, secrets handling, and infrastructure-as-code workflows.
• Identify and remediate systemic weaknesses such as misconfigurations, exposed services, weak trust boundaries, and insecure defaults in production environments.
• Support infrastructure vulnerability management by helping prioritize findings, validate fixes, and improve how issues are detected and prevented over time.
• Help assess and improve security controls for AI-assisted developer workflows and GenAI-enabled systems, including agentic tooling, coding assistants, and internal AI integrations that interact with production or sensitive environments.
• Respond to production security issues, investigate root causes using logs, dashboards, and system context, and contribute follow-up improvements that strengthen the platform.
• Contribute to team effectiveness by documenting patterns, participating in design and code reviews, and helping raise the security quality bar across engineering.

Benefits

• Competitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly
• Generous 401(k) plan with Upstart matching $2 for every $1 contributed, up to $15,000 per year
• Employee Stock Purchase Plan (ESPP) with discounted stock purchase options for eligible employees
• Affordable medical, dental, and vision coverage, with multiple plan options - Upstart covers 90% to 100% of the cost depending on the plans you choose
• Health Savings Account contributions from Upstart for eligible plans
• Income protection benefits, including company-paid Basic Life, AD&D, and Short- and Long-Term Disability coverage, with options to purchase supplemental coverage
• Paid time off, sick and safe time, and company holidays
• Paid family and parental leave to support caregiving and major life moments
• Family-centered benefits through Carrot and Cleo, supporting fertility, parenthood, and caregiving
• Employee Assistance Program (EAP) offering mental health support and life-centered resources
• Financial wellness resources, including access to financial planning tools and a financial concierge service
• Annual wellness allowance to support your physical and emotional well-being and personal development, based on what matters most to you
• Annual productivity allowance to invest in relevant tools and resources you need to do your best work, no matter where you work from
• Connection and community through team events and onsites, all-company updates, and employee resource groups (ERGs)
• Onsite perks, including catered lunches and fully stocked micro-kitchens when working from one of our four offices, located in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!).