Senior Offensive Security Engineer

The Team:

Upstart’s Security team is passionate in bringing progressive approaches in securing our products. We believe that security should empower innovation, move at the speed of business, and have safety by design as core principles. Our team’s mission is to ensure the safety of our core product platforms, enterprise, and manage threats to Upstart. We approach our efforts through automation, strong collaboration with our partner teams, and maintaining a positive experience for Upstarters.

As the Sr Offensive Security Engineer at Upstart, you will be responsible for building the Offensive Security program at Upstart and executing on its objectives. This will include finding weaknesses in Upstart's controls and helping drive remediation of those weaknesses. You will partner frequently with your peers in Detection Engineering, Cloud Security, Application Security, and Enterprise Security to ensure the controls we build are effective, and help determine the priority of future controls.

How you’ll make an impact:

• Validate assumptions and discover weaknesses in Upstart's controls and systems
• Partnering within security on control design, providing feedback from an attacker's perspective
• Run purple teaming exercises with our Detection and Response team to ensure detections would be effective in an attacker scenario
• Stack rank systems to be tested and coordinate external resources and testing firms to perform testing across our systems
• Program management for the Offensive Security program - defining goals, KPIs, and driving it towards success.

What we’re looking for:

Minimum Qualifications:

• 5+ years in Security, at least 2 of which are in Offensive Security
• Experience scoping and coordinating offense security testing exercises
• Experience in an Okta + MacOS environment
• Experience with K8s and modern cloud stacks
• Ability to build tools to recreate attacker behavior (python preferred)

Preferred Qualifications:

• Internal Red team experience
• AWS & EKS experience
• Experience with testing CI/CD pipelines
• Detection Engineering experience (for purple team collaboration)
• System Administration experience (cloud native systems)

Position Location - This role is available in the following locations: Remote, San Mateo, Columbus, Austin

Time Zone Requirements - This team operates across all U.S. time zones.

Travel requirements - As a digital first company, the majority of your work can be accomplished remotely. The majority of our employees can live and work anywhere in the U.S but are encouraged to to still spend high quality time in-person collaborating via regular onsites. The in-person sessions’ cadence varies depending on the team and role; most teams meet once or twice per quarter for 2-4 consecutive days at a time.

What you'll love:

• Competitive Compensation (base + bonus & equity)
• Comprehensive medical, dental, and vision coverage with Health Savings Account contributions from Upstart
• 401(k) with 100% company match up to $4,500 and immediate vesting and after-tax savings
• Employee Stock Purchase Plan (ESPP)
• Life and disability insurance
• Generous holiday, vacation, sick and safety leave
• Supportive parental, family care, and military leave programs
• Annual wellness, technology & ergonomic reimbursement programs
• Social activities including team events and onsites, all-company updates, employee resource groups (ERGs), and other interest groups such as book clubs, fitness, investing, and volunteering
• Catered lunches + snacks & drinks when working in offices