Security Engineering Manager Jobs (NOW HIRING)

The Team

Upstart's Security Engineering team protects Upstart's people, systems, products, and data by building and operating security capabilities that reduce risk across the company. The team works across enterprise security, security operations, and detection security engineering to strengthen Upstart's security posture through scalable controls, effective monitoring and response, secure tooling, automation, and cross-functional security programs.

As a Senior Security Manager for Enterprise Security Engineering at Upstart, you will lead a team responsible for building and maturing security programs across enterprise security, security operations, and detection engineering. You will help define how Upstart identifies, prioritizes, prevents, detects, and responds to security risks across corporate systems, cloud environments, business applications, endpoints, identity platforms, and critical security workflows.

This leader will shape a security engineering culture that prioritizes proactive and preventative controls over purely reactive response. By investing in durable controls, automation, detection coverage, and early risk reduction, the team can reduce costly incidents, minimize operational disruption, and focus its time on the highest-impact security risks. You will partner closely with Engineering, IT, Legal, Compliance, Risk, and business leaders to mature Upstart's security capabilities and ensure security priorities are aligned with company goals.

How you'll make an impact:

• Lead the strategy, roadmap, and execution for security engineering programs across enterprise security, security operations, and detection security engineering.
• Manage, coach, and develop a team of security professionals, ensuring the team has clear priorities, measurable goals, effective operating rhythms, and opportunities for career growth.
• Build and mature proactive and preventative security controls across corporate systems, cloud environments, identity platforms, endpoints, SaaS applications, and security operations workflows.
• Improve Upstart's ability to detect, investigate, and respond to threats by strengthening detection coverage, alert quality, logging strategy, response playbooks, automation, and operational processes.
• Drive cross-functional security initiatives across Engineering, IT, Compliance, Legal, Risk, and business teams, aligning security priorities with company objectives, risk tolerance, and operational needs.
• Establish and report on meaningful security engineering and operations metrics, including program health, control effectiveness, detection and response performance, remediation progress, and risk reduction outcomes.
• Evaluate and improve security tooling, processes, and controls to reduce systemic risk, increase operational efficiency, and ensure the team is focused on the highest-value security work.
• Raise the maturity of Upstart's security programs by identifying recurring issues, addressing root causes, and developing

What we're looking for: 

• Minimum requirements:
• 8+ years of experience in information security, security engineering, enterprise security, security operations, detection and response, incident response, vulnerability management, cloud security, or related security domains.
• 3+ years of experience managing security professionals or leading security engineering programs across multiple teams or stakeholder groups.
• Experience owning roadmaps, priorities, metrics, and execution for security programs with cross-functional dependencies.
• Experience building or operating security capabilities in cloud-based and enterprise environments, including working knowledge of common security tooling, logging, monitoring, detection, identity, endpoint, and response practices.
• Experience leading security incidents or operational security programs, including investigation coordination, stakeholder communications, remediation tracking, and post-incident improvement.
• Experience partnering with Engineering, IT, Compliance, Legal, Risk, or business teams to deliver measurable security outcomes.
• Preferred qualifications:
• Experience leading security programs across multiple domains such as enterprise security, security operations, detection engineering, cloud security, identity and access management, endpoint security, vulnerability management, or incident response.
• Demonstrated experience building or improving security programs that emphasize proactive and preventative controls, automation, and early risk reduction over reactive incident response.
• Knowledge of AWS, Kubernetes, CI/CD security, endpoint security, identity and access management, vulnerability management, SIEM/SOAR, logging pipelines, and modern detection engineering practices.
• Ability to communicate security risk, tradeoffs, and recommendations clearly to technical, non-technical, and senior leadership audiences.
• Experience improving detection and response maturity through logging strategy, detection coverage, alert tuning, automation, playbooks, tabletop exercises, postmortems, and measurable process improvements.
• Experience improving enterprise security programs across SaaS applications, identity providers, endpoint controls, corporate infrastructure, and employee security workflows.
• Experience operating in a regulated environment, financial technology company, or organization with high security, privacy, or compliance requirements.
• Security certifications such as CISSP, CISM, GIAC, AWS Security Specialty, or similar credentials.

Position location This role is available in the following locations: Remote - US

Time zone requirements The team operates on the East/West coast time zones. 

Travel requirements As a digital first company, the majority of your work can be accomplished remotely. The majority of our employees can live and work anywhere in the U.S but are encouraged to to still spend high quality time in-person collaborating via regular onsites. The in-person sessions' cadence varies depending on the team and role; most teams meet once or twice per quarter for 2-4 consecutive days at a time.

#LI-REMOTE

#LI-MidSenior