# Principal Security Engineer, Data Security

**Company:** [Upstart](https://hotfix.jobs/companies/upstart)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $191k – $264k/yr
**Experience:** 8+ years
**Skills:** AWS, Python, Go, Java, Ruby, Kubernetes, IAM, Infrastructure As Code, CI/CD, Secrets Management, Network Security, Vulnerability Management
**Posted:** 2026-06-12

> Principal-level security engineer defining infrastructure security strategy and leading cross-functional efforts to secure cloud, Kubernetes, and developer platforms at scale.

## Job Description

## How you’ll make an impact

- Define and drive Upstart’s infrastructure security strategy, aligning secure-by-default principles with business priorities, regulatory expectations, and Upstart’s cloud-native engineering roadmap.
- Own the security roadmap for cloud, platform, compute, and deployment environments, partnering with infrastructure, platform, SRE, and product engineering leaders to reduce risk across multiple organizations.
- Lead security architecture reviews for critical infrastructure initiatives, influencing technical decisions in areas such as cloud IAM, Kubernetes, container security, network segmentation, secrets management, CI/CD, and infrastructure-as-code.
- Identify and reduce systemic infrastructure security risks by designing durable preventative controls, guardrails, and automation that improve security outcomes across engineering teams.
- Establish standards and patterns for production access, service identity, workload trust, infrastructure hardening, vulnerability management, and secure operational practices.
- Partner with engineering teams to improve the security of AI-assisted developer workflows and GenAI-enabled systems, including agentic tooling, coding assistants, and internal AI integrations that interact with production or sensitive environments.
- Serve as a senior technical authority during high-severity security or production incidents, driving root cause analysis, risk-based prioritization, and long-term architectural improvements.
- Elevate infrastructure security maturity across Upstart by mentoring engineers, influencing senior stakeholders through clear risk communication, and helping teams build secure systems with less friction.

## What we’re looking for

### Minimum requirements
- 8+ years of experience in security engineering, infrastructure engineering, software engineering, or a related technical role.
- 4+ years of experience focused on infrastructure, cloud, platform, or production security.
- Experience securing cloud-native infrastructure in AWS or a similar cloud environment.
- Experience with multiple infrastructure security domains, such as cloud IAM, Kubernetes or container security, network security, secrets management, infrastructure-as-code, CI/CD security, production access, or vulnerability management.
- Experience writing code or automation in Python, Go, Java, Ruby, or a similar programming language.
- Experience leading security architecture reviews or technical risk assessments for complex production systems.
- Experience designing and implementing preventative security controls, guardrails, or platform-level security solutions used by multiple engineering teams.
- Experience leading cross-functional security initiatives with infrastructure, platform, SRE, product engineering, risk, compliance, or audit stakeholders.

### Preferred qualifications
- 10+ years of experience spanning security engineering, infrastructure engineering, software engineering, or cloud platform engineering.
- Experience owning a security roadmap for a technical domain that spans multiple teams or organizations.
- Experience with Kubernetes security, service-to-service trust models, workload identity, runtime security, or cloud-native network controls.
- Experience improving cloud security posture management, hardening baselines, drift detection, or infrastructure vulnerability management programs.
- Experience building or scaling infrastructure security programs, including defining metrics, maturity models, and risk-based prioritization frameworks.
- Familiarity with security considerations for AI-assisted engineering workflows, including code generation, code review tooling, agentic automation, and sensitive data exposure risks.
- Experience partnering with Legal, Risk, Compliance, or Audit teams to operationalize security controls in a regulated environment.
- Security certifications such as AWS Security Specialty, GCP Professional Cloud Security Engineer, CISSP, CCSP, or equivalent practical expertise.

## Similar roles

- [Principal Threat Intelligence Analyst](https://hotfix.jobs/jobs/306f569a-b0ca-405c-94e0-8cbb315bca3b) - Huntress - Remote - $200k – $225k/yr
- [Principal Software Engineer, Security](https://hotfix.jobs/jobs/48a6dd18-50e3-4ea1-93b7-b346ab7c5272) - Coalition Security - Remote - $200k – $260k/yr
- [Principal Product Security Researcher](https://hotfix.jobs/jobs/94f0f392-b12b-4acc-99bf-3c9d0a2f7a59) - Chainguard - Remote - $201k – $226k/yr
- [Principal Network Architect](https://hotfix.jobs/jobs/02f4a45c-714e-44e7-9877-788f106ac0dc) - CommandLink - Remote - $180k – $250k/yr
- [Principal Information Security Engineer](https://hotfix.jobs/jobs/489c4a6f-3202-4f43-9f12-55eef277d267) - SentiLink - Remote - $220k – $280k/yr

**Apply:** https://hotfix.jobs/jobs/66269b15-50ad-41f1-a864-a184462bfff5
**Canonical:** https://hotfix.jobs/jobs/66269b15-50ad-41f1-a864-a184462bfff5