# Infrastructure Security Engineer
**Company:** [Upstart](https://hotfix.jobs/companies/upstart)
**Location:** Remote
**Salary:** $134K-$186K
**Experience:** 3+ years
**Skills:** AWS, Kubernetes, Terraform, Python, Go, Java, Helm, GitHub Actions, Cloud Iam, Secrets Management
**Posted:** 2026-05-04
> Designs and implements security controls for cloud infrastructure, Kubernetes, and deployment systems. Partners with engineering teams to review architectures, automate preventative measures, and remediate vulnerabilities. Requires 3+ years experience, Bachelor's degree, and proficiency in AWS, IaC tools, and programming.
## Job Description
## How you’ll make an impact

- Design and implement security controls for cloud, platform, and deployment systems, with a focus on secure defaults and durable risk reduction.
- Partner with platform, SRE, and infrastructure teams to review architecture and infrastructure changes, identify security risks, and drive practical remediation plans.
- Build and improve automation for infrastructure security, including controls for cloud IAM, Kubernetes and container environments, secrets handling, and infrastructure-as-code workflows.
- Identify and remediate systemic weaknesses such as misconfigurations, exposed services, weak trust boundaries, and insecure defaults in production environments.
- Support infrastructure vulnerability management by helping prioritize findings, validate fixes, and improve how issues are detected and prevented over time.
- Help assess and improve security controls for AI-assisted developer workflows and GenAI-enabled systems, including agentic tooling, coding assistants, and internal AI integrations that interact with production or sensitive environments.
- Respond to production security issues, investigate root causes using logs, dashboards, and system context, and contribute follow-up improvements that strengthen the platform.
- Contribute to team effectiveness by documenting patterns, participating in design and code reviews, and helping raise the security quality bar across engineering.

## Minimum Qualifications

- Bachelor’s degree and 3+ years of experience in security engineering, infrastructure engineering, or a related software engineering role.
- Experience securing or operating cloud-native infrastructure in **AWS** or a similar cloud environment.
- Experience with one or more of the following domains: cloud IAM, Kubernetes/container security, network security, secrets management, or infrastructure vulnerability management.
- Experience writing code or automation in **Python**, **Go**, **Java**, or a similar programming language.
- Experience reviewing system designs, infrastructure changes, or architecture proposals and driving actionable security outcomes.
- Experience with infrastructure-as-code and CI/CD tooling such as **Terraform**, **Helm**, **GitHub Actions**, or similar technologies.
- Experience investigating and resolving moderately complex production or security issues using logs, metrics, and debugging tools.
- Experience using AI-assisted engineering tools responsibly, with an understanding of security considerations such as sensitive data exposure, unsafe automation, access boundaries, or insecure use of generated code and infrastructure changes.

## Preferred Qualifications

- Experience building preventative guardrails or automated controls that are adopted by multiple engineering teams.
- Familiarity with production access control patterns for engineers and service identities.
- Experience with **Kubernetes**, service-to-service trust models, workload identity, or runtime security controls.
- Experience improving cloud posture management, hardening baselines, or drift detection programs.
- Familiarity with security considerations for AI-assisted engineering workflows, including code generation or code review tooling.
- Experience partnering with Risk, Compliance, or Audit teams in a regulated environment.
- Security certifications such as **AWS Security Specialty**, **GCP Professional Cloud Security Engineer**, **CISSP**, or equivalent practical expertise.
**Apply:** https://hotfix.jobs/jobs/infrastructure-security-engineer-at-upstart-2c4da5b3-0e94-43e0-8601-ccdf1caa3a8b
**Canonical:** https://hotfix.jobs/jobs/infrastructure-security-engineer-at-upstart-2c4da5b3-0e94-43e0-8601-ccdf1caa3a8b