Principal Application Security Engineer
Job Description:
• Work closely with our engineering and data science teams to securely design and implement new products and features, including the development and maintenance of threat models for high-risk functionality.
• Set up regular vulnerability scanning tools and manage remediation of identified issues
• Support teams with vulnerability remediation efforts, including the design of remediation strategies.
• Assess the threat model for cloud native infrastructures and applications
• Identify and design company-wide security controls and solutions.
• Operate as an integral member of the engineering team and advocate for security best practices across the organization
• Help identify Upstart’s internal and external attack surface in a dynamic environment
Requirements:
• 3+ years of experience in an application security or security engineering-focused role
• An IT/CS degree or equivalent knowledge
• Experience in Java, Python or Ruby development
• Knowledge of industry standard authentication and authorization protocols (TLS, SAML, etc.)
• Previous usage or knowledge of SAST/DAST and vulnerability scanners
• Understanding of Full Stack Development, SDLC, and CI/CD pipelines
• Understanding of network stack and common protocols
• A self-starter who is comfortable getting hands-on and engaging in all areas of product security, from ideation to deployment.
• Ability to collaborate cross-functionally and communicate effectively with highly technical teams
Benefits:
• Competitive Compensation (base + bonus & equity)
• Comprehensive medical, dental, and vision coverage with Health Savings Account contributions from Upstart
• Generous 401(k) plan with Upstart matching $2 for every $1 contributed, up to $15,000 per year
• Employee Stock Purchase Plan (ESPP)
• Life and disability insurance
• Generous holiday, vacation, sick and safety leave
• Supportive parental, family care, and military leave programs
• Annual wellness, technology & ergonomic reimbursement programs
• Social activities including team events and onsites, all-company updates, employee resource groups (ERGs), and other interest groups such as book clubs, fitness, investing, and volunteering
• Catered lunches + snacks & drinks when working in offices