The Team:
Upstart's Privacy Engineering team builds the systems, tools, and technical controls that help protect borrower, applicant, partner, and Upstarter data across our products and platforms. The team works across Engineering, Security, Legal, Compliance, Product, Data, and Machine Learning to make privacy-by-design practical and scalable.
As a Privacy Engineer II at Upstart, you will build software and services that embed privacy controls into the core architecture of Upstart's products and technical systems. You will help implement privacy-enhancing technologies, data minimization patterns, and governance tooling that support responsible data use across Upstart's AI lending marketplace.
How you'll make an impact
- Design, build, and operate privacy engineering services that support user control, data governance, anonymization, pseudonymization, retention, deletion, and auditability
- Implement privacy-by-design patterns and data minimization controls across Upstart's products, services, data pipelines, and machine learning systems
- Build APIs, libraries, services, and developer tools that help engineering teams standardize privacy enforcement across the technology stack
- Partner with Security, Legal, Compliance, Product, Data, Machine Learning, and Infrastructure teams to translate privacy requirements into clear technical specifications
- Support privacy reviews, data flow assessments, and technical risk assessments for new products, data uses, and platform capabilities
- Improve the reliability, observability, and maintainability of privacy systems through testing, monitoring, documentation, and thoughtful technical design
Minimum Qualifications
- Bachelor's degree in Computer Science, Engineering, Mathematics, or a related field, or equivalent practical experience, and 3+ years of experience in software engineering
- Experience building and operating production software systems using programming languages such as Python, Go, Java, Scala, C++, Rust, or similar languages
- Experience building APIs, microservices, libraries, or backend services that support data governance, privacy controls, security controls, or data platform capabilities
- Experience with at least two privacy or security domains such as anonymization, pseudonymization, data retention, deletion, data lineage, access control, encryption, audit logging, or data minimization
- Experience translating privacy, security, compliance, or data protection requirements into software systems or technical workflows
Preferred Qualifications
- Knowledge of privacy-by-design principles, privacy-enhancing technologies, purpose limitation, consent, retention, deletion, and data subject rights
- Experience with data governance systems, data catalogs, lineage tooling, personally identifiable information detection, redaction, or automated policy enforcement
- Experience supporting privacy reviews, threat modeling, data flow mapping, or technical risk assessments for production systems
- Experience working with machine learning systems, financial services, lending, or another regulated data environment
- Ability to communicate privacy engineering tradeoffs clearly across technical, legal, compliance, product, and business audiences
Travel requirements As a digital first company, the majority of your work can be accomplished remotely. The majority of our employees can live and work anywhere in the U.S but are encouraged to to still spend high quality time in-person collaborating via regular onsites. The in-person sessions' cadence varies depending on the team and role; most teams meet once or twice per quarter for 2-4 consecutive days at a time.
#LI-REMOTE
#LI-MidSenior --> use for L5, L6