Senior Security Engineering Manager (Enterprise Security)

Role overview

Join Upstart as a Senior Security Engineering Manager (Enterprise Security). You will lead and mature security programs spanning enterprise security, security operations, and detection engineering, while partnering cross-functionally to align security priorities with business goals.

Responsibilities

• Lead and develop a team of security professionals; mature security practices across multiple domains.
• Define and drive Upstart’s approach to identify, prioritize, prevent, detect, and respond to security risks across:
  • corporate systems and cloud environments
  • business applications
  • endpoints
  • identity platforms and critical security workflows
• Partner with Engineering, IT, Legal, Compliance, Risk, and business leaders to deliver measurable security outcomes.
• Establish security metrics, own program roadmaps and execution, and manage cross-functional dependencies.
• Evaluate and improve security tooling and processes.
• Lead security incidents/operational security programs, including investigation coordination, communications, remediation tracking, and post-incident improvements.
• Improve detection/response maturity via logging strategy, detection coverage, alert tuning, automation, playbooks, tabletop exercises, and postmortems.

Requirements

• 3+ years managing security professionals or leading security engineering programs across multiple teams/stakeholders.
• 8+ years in information security/security engineering/enterprise security/security operations/detection & response/incident response/vulnerability management/cloud security or related domains.
• Experience partnering with Engineering, IT, Compliance, Legal, Risk, or business to deliver measurable security outcomes.
• Experience owning roadmaps, priorities, metrics, and execution for security programs.
• Proven ability to build/improve security programs emphasizing proactive and preventative controls, automation, and early risk reduction.
• Experience improving maturity across domains such as enterprise security, security operations, detection engineering, cloud security, IAM, endpoint security, vulnerability management, and incident response.
• Knowledge of AWS, Kubernetes, CI/CD security, endpoints, IAM, vulnerability management, SIEM/SOAR, logging pipelines, and modern detection engineering.
• Strong communication skills for technical and executive audiences.
• Experience operating in a regulated environment (financial tech preferred).

Nice to have

• Security certifications such as CISSP, CISM, GIAC, AWS Security Specialty, or similar.