Principal Application Security Engineer

Job Description: • Work closely with our engineering and data science teams to securely design and implement new products and features, including the development and maintenance of threat models for high-risk functionality. • Set up a regular vulnerability scanning tools and manage remediation of identified issues • Support teams with vulnerability remediation efforts, including the design of remediation strategies. • Assess the threat model for cloud native infrastructures and applications • Identify and design company-wide security controls and solutions. • Operate as an integral member of the engineering team and advocate for security best practices across the organization • Help identify Upstart’s internal and external attack surface in a dynamic environment Requirements: • 3+ years of experience in an application security or security engineering-focused role • An IT/CS degree or equivalent knowledge • Experience in Java, Python or Ruby development • Knowledge of industry standard authentication and authorization protocols (TLS, SAML, etc) • Previous usage or knowledge of SAST/DAST and vulnerability scanners • Understanding of Full Stack Development, SDLC, and CI/CD pipelines • Understanding of network stack and common protocols • A self-starter who is comfortable getting hands-on and engaging in all areas of product security, from ideation to deployment. • Ability to collaborate cross-functionally and communicate effectively with highly technical teams Benefits: • Competitive Compensation (base + bonus & equity) • Comprehensive medical, dental, and vision coverage with Health Savings Account contributions from Upstart • Generous 401(k) plan with Upstart matching $2 for every $1 contributed, up to $15,000 per year • Employee Stock Purchase Plan (ESPP) • Life and disability insurance • Generous holiday, vacation, sick and safety leave • Supportive parental, family care, and military leave programs • Annual wellness, technology & ergonomic reimbursement programs • Social activities including team events and onsites, all-company updates, employee resource groups (ERGs), and other interest groups such as book clubs, fitness, investing, and volunteering • Catered lunches + snacks & drinks when working in offices Apply tot his job Apply To this Job