[Remote] Senior Security Engineering Manager, Enterprise Security

Note: The job is a remote job and is open to candidates in USA. Upstart is a leading AI lending marketplace focused on reducing the cost and complexity of borrowing for Americans. They are seeking a Senior Security Engineering Manager for Enterprise Security to lead a team that enhances security programs across various domains, ensuring effective risk management and alignment with company objectives.

Responsibilities

• Lead the strategy, roadmap, and execution for security engineering programs across enterprise security, security operations, and detection security engineering
• Manage, coach, and develop a team of security professionals, ensuring the team has clear priorities, measurable goals, effective operating rhythms, and opportunities for career growth
• Build and mature proactive and preventative security controls across corporate systems, cloud environments, identity platforms, endpoints, SaaS applications, and security operations workflows
• Improve Upstart’s ability to detect, investigate, and respond to threats by strengthening detection coverage, alert quality, logging strategy, response playbooks, automation, and operational processes
• Drive cross-functional security initiatives across Engineering, IT, Compliance, Legal, Risk, and business teams, aligning security priorities with company objectives, risk tolerance, and operational needs
• Establish and report on meaningful security engineering and operations metrics, including program health, control effectiveness, detection and response performance, remediation progress, and risk reduction outcomes
• Evaluate and improve security tooling, processes, and controls to reduce systemic risk, increase operational efficiency, and ensure the team is focused on the highest-value security work
• Raise the maturity of Upstart’s security programs by identifying recurring issues, addressing root causes, and developing

Skills

• 8+ years of experience in information security, security engineering, enterprise security, security operations, detection and response, incident response, vulnerability management, cloud security, or related security domains
• 3+ years of experience managing security professionals or leading security engineering programs across multiple teams or stakeholder groups
• Experience owning roadmaps, priorities, metrics, and execution for security programs with cross-functional dependencies
• Experience building or operating security capabilities in cloud-based and enterprise environments, including working knowledge of common security tooling, logging, monitoring, detection, identity, endpoint, and response practices
• Experience leading security incidents or operational security programs, including investigation coordination, stakeholder communications, remediation tracking, and post-incident improvement
• Experience partnering with Engineering, IT, Compliance, Legal, Risk, or business teams to deliver measurable security outcomes
• Experience leading security programs across multiple domains such as enterprise security, security operations, detection engineering, cloud security, identity and access management, endpoint security, vulnerability management, or incident response
• Demonstrated experience building or improving security programs that emphasize proactive and preventative controls, automation, and early risk reduction over reactive incident response
• Knowledge of AWS, Kubernetes, CI/CD security, endpoint security, identity and access management, vulnerability management, SIEM/SOAR, logging pipelines, and modern detection engineering practices
• Ability to communicate security risk, tradeoffs, and recommendations clearly to technical, non-technical, and senior leadership audiences
• Experience improving detection and response maturity through logging strategy, detection coverage, alert tuning, automation, playbooks, tabletop exercises, postmortems, and measurable process improvements
• Experience improving enterprise security programs across SaaS applications, identity providers, endpoint controls, corporate infrastructure, and employee security workflows
• Experience operating in a regulated environment, financial technology company, or organization with high security, privacy, or compliance requirements
• Security certifications such as CISSP, CISM, GIAC, AWS Security Specialty, or similar credentials

Benefits

• Target bonuses
• Equity compensation
• Generous benefits packages (including medical, dental, vision, and 401k)
• Competitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly
• Retirement benefits to help you plan for the future, including a 401(k) or Group Retirement Savings Plan with a company match of $2 for every $1 contributed, up to $15,000 annually (USD in the US, CAD in Canada)
• Employee Stock Purchase Plan (ESPP) with discounted stock purchase options for eligible employees (US only)
• Comprehensive health coverage designed to support you and your family, including medical, dental, vision, and wellness resources for US and supplemental health coverage for Canada.
• Health Savings Account contributions from Upstart for eligible plans (US only)
• Income protection benefits, including life insurance and disability coverage for added financial security
• Paid time off, sick leave, and company holidays, in line with local requirements
• Paid family and parental leave to support caregiving and major life moments (duration varies by country)
• Family-centered benefits to support fertility, parenthood, and caregiving needs
• Employee Assistance Program (EAP) offering mental health support and life-centered resources
• Financial wellness resources, including access to financial planning tools and a financial concierge service (US Only)
• Annual wellness allowance to support your physical and emotional well-being and personal development, based on what matters most to you
• Annual productivity allowance to invest in relevant tools and resources you need to do your best work, no matter where you work from
• Connection and community through team events, all-company updates, and employee resource groups (ERGs)
• Onsite perks, including catered lunches and fully stocked micro-kitchens when working from one of our offices in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!)

Company Overview

Company H1B Sponsorship