About Upstart At Upstart, we’re united by a mission that matters: to radically reduce the cost and complexity of borrowing for all Americans. Every day, we bring creativity, experimentation, and advanced AI to reshape access to credit, helping millions move forward financially with clarity and confidence. As the leading AI lending marketplace, we partner with banks and credit unions to expand access to affordable credit through technology that’s both radically intelligent and deeply human. Our platform runs over one million predictions per borrower using more than 1,800 signals, powering smarter, fairer decisions for millions of customers. But the numbers only hint at the impact. Every idea, every voice, and every contribution moves us closer to a world where credit never stands between people and their financial progress. We’re proudly digital-first, giving most Upstarters the flexibility to do their best work from wherever they thrive, alongside teammates across 80+ cities in the US and Canada. Digital-first doesn’t mean distant. We’re intentional about in-person connection through team onsites, planning sessions, and moments that spark creativity and trust. And whether you choose to work primarily from home or collaborate in-person from one of our offices in Columbus, Austin, the Bay Area, or New York City (opening Summer 2026), you’ll have the support to work in the way that works best for you. If you’re energized by tackling meaningful problems, excited to innovate with purpose, and motivated by work that truly matters, we’d love to hear from you. The Team: Upstart’s Application Security team is passionate in bringing progressive approaches in securing our products. We believe that security should empower innovation, move at the speed of business, and have safety by design as core principles. Our team’s mission is to ensure the safety of our core product platforms, enterprise, and manage threats to Upstart. We approach our efforts through automation, strong collaboration with our partner teams, and maintaining a positive experience for Upstarters.. As the Principal Application Security Engineer at Upstart, you will be expected to lead cross-functional and cross-organizational discussions and outcomes around threat modeling, application and infrastructure security. You will be expected to deeply understand the business verticals and product needs and influence them to build highly secure systems and platforms. You will have a direct hand in shaping the strategic security posture and roadmap for Upstart and should be a well-rounded technologist and security practitioner. How you’ll make an impact: - Define and drive Upstart’s application security strategy, aligning secure-by-design principles with business priorities, regulatory expectations, and our AI-driven product roadmap. - Lead cross-functional security architecture reviews for critical initiatives, influencing engineering, platform, data, and infrastructure decisions to reduce systemic risk early in the SDLC. - Establish and scale a robust threat modeling program for high-risk systems, including customer-facing applications, lending workflows, and ML/AI pipelines, translating findings into durable engineering standards and controls. - Design and standardize application security guardrails across the SDLC, including secure coding practices, automated testing (SAST/DAST/SCA), CI/CD protections, and secrets management. - Partner with Infrastructure and Cloud teams to strengthen the security posture of cloud-native and distributed systems, ensuring defense-in-depth across application and infrastructure layers. - Identify and reduce internal and external attack surface through automation and platform-level solutions, prioritizing long-term risk reduction over point-in-time remediation. - Serve as a senior technical authority during high-severity incidents, driving root cause analysis and durable architectural improvements. - Elevate security maturity across the organization by mentoring engineers, influencing leadership through clear risk metrics, and fostering a culture where security enables innovation. What we’re looking for: Minimum requirements: - 9+ years of experience in security engineering, with at least 5 years focused on application security - Demonstrated experience leading security architecture reviews and threat modeling for complex, customer-facing production systems - Experience in Java, Python or Ruby development. - Experience designing and implementing application security controls across the SDLC, including secure coding standards, API Security, SAST/DAST/SCA, CI/CD security, and secrets management - Demonstrable track record as an influential leader, delivering security solutions with multiple stakeholder groups - Experience managing multiple and simultaneous, significant information security initiatives and programs - Experience developing code and building services to enhance unique security operational needs - Experience with advanced threat modeling techniques and risk assessment Preferred qualifications: - 10+ years of experience spanning across multiple security and engineering domains in a cloud-native and/or distributed systems environment - Experience building or scaling an application security program, including defining metrics, maturity models, and risk-based prioritization frameworks - Familiarity with security considerations in modern frontend frameworks, APIs (REST/GraphQL), and microservices architectures. - Experience partnering with Legal, Risk, Compliance, and Audit teams to operationalize security controls in regulated environments - Security certifications such as CISSP, CCSP, AWS Security Specialty, or equivalent practical expertise Position Location - This role is available in the following locations: San Mateo, Columbus, Austin, Remote Time Zone Requirements - This team operates on the East/West Coast time zones. Travel Requirements - This team has regular on-site collaboration sessions. These occur 3-4 days per Quarter at one of our office locations or some other off-site location determined by your team/manager. If you need to travel to make these meetups, Upstart will cover all travel related expenses. #LI-REMOTE #LI-MidSenior At Upstart, your base pay is one part of your total compensation package. The anticipated base salary for this position is expected to be within the below range. Your actual base pay will depend on your geographic location–with our “digital first” philosophy, Upstart uses compensation regions that vary depending on location. Individual pay is also determined by job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process. In addition, Upstart provides employees with target bonuses, equity compensation, and generous benefits packages (including medical, dental, vision, and 401k). United States | Remote - Anticipated Base Salary Range $190,600—$263,900 USD What you'll love At Upstart, our benefits are designed to support your health, financial well-being, family, and personal growth. Here’s what you can expect: - Competitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly - Generous 401(k) plan with Upstart matching $2 for every $1 contributed, up to $15,000 per year - Employee Stock Purchase Plan (ESPP) with discounted stock purchase options for eligible employees - Affordable medical, dental, and vision coverage, with multiple plan options - Upstart covers 90% to 100% of the cost depending on the plans you choose - Health Savings Account contributions from Upstart for eligible plans - Income protection benefits, including company-paid Basic Life, AD&D, and Short- and Long-Term Disability coverage, with options to purchase supplemental coverage - Paid time off, sick and safe time, and company holidays - Paid family and parental leave to support caregiving and major life moments - Family-centered benefits through Carrot and Cleo, supporting fertility, parenthood, and caregiving - Employee Assistance Program (EAP) offering mental health support and life-centered resources - Financial wellness resources, including access to financial planning tools and a financial concierge service - Annual wellness allowance to support your physical and emotional well-being and personal development, based on what matters most to you - Annual productivity allowance to invest in relevant tools and resources you need to do your best work, no matter where you work from - Connection and community through team events and onsites, all-company updates, and employee resource groups (ERGs) - Onsite perks, including catered lunches and fully stocked micro-kitchens when working from one of our four offices, located in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!). Upstart is a proud Equal Opportunity Employer. Just as we are dedicated to improving access to affordable credit for all, we are committed to inclusive and fair hiring practices. If you require reasonable accommodation in completing an application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please email candidate_accommodations@upstart.com https://www.upstart.com/candidate_privacy_policy

• Act as a dedicated security partner for a specific business portfolio. • Build a "Secure Flow" that integrates security directly into the developer workflow. • Lead a portfolio to establish a scalable operating model, ensuring that every application is visible, assessed, and secured. • Collaborate with Enterprise Technology to configure and integrate cybersecurity systems that mitigate risk. • Troubleshoot and quickly resolve escalated incidents. • Design, build, configure, maintain, monitor cybersecurity threat defense capabilities and user access management. • Coordinate integration and collaboration with managed security providers. • Investigate and recommend corrective actions related to incidents.

• As the Security Technical Program Manager (TPM), you will sit at the critical intersection of Security, Engineering, and Compliance. • Reporting directly to the Head of Security, you will drive the execution of complex technical programs that allow our security posture and culture to scale with our rapid growth. • These programs are in direct service to our patients’ and providers’ safety. • This role partners closely with security engineering to translate complex technical initiatives into clear, executable programs that meet our security and regulatory obligations. • You will own strategic planning, program execution, and cross-functional coordination, ensuring that security priorities are delivered with rigor, transparency, and accountability. • As a key member of the Security Leadership team, you will influence security strategy and drive alignment across Engineering, Compliance, and People Ops, enabling the organization to operate at scale while maintaining a strong security posture.

Join a dynamic team at the pulse of global markets, where we deliver innovative software and service solutions for essential financial reporting and capital markets transactions. At DFIN, we are a values-driven organization that empowers you to build a fulfilling career while bringing your authentic self to work every day. Our "Win as One" mentality ensures that our team's success is directly linked to Client, Shareholder and Employee Satisfaction. Recognized as one of AMERICA'S MOST LOVED WORKPLACES® for five consecutive years and a Built In Best Places to Work for six years, we are committed to our employees' total well-being. Enjoy competitive compensation, a flexible workplace, comprehensive benefits, and opportunities for professional growth. Bring your passion and talents to DFIN - because being YOU thrives here. Summary: The Network Security Architect will perform Network and Network Security assessments and technical evaluations for existing applications and new technology initiatives. Based on industry best practices, this individual will provide guidance and hands-on experience to teams in design, development, and maintenance of various networking and network security solutions. This role will include continuous improvement of network security architecture policies, standards, and procedures for various types of solutions residing in public/private/hybrid infrastructure or SaaS-based solutions. This individual will provide technical leadership and consulting to teams across DFIN who are implementing, modifying, and maintaining technology solutions. The individual will mentor junior and senior engineers on a regular basis and provide technical guidance on operational and project matters. The individual will align emerging solutions across the enterprise to DFIN's Zero Trust Strategy. Responsibilities: • Design and Implementation: Develop and implement comprehensive and detailed architectures for LAN, WAN, and cloud environments, ensuring high availability, scalability, and security. Provide domain expertise in both public and private cloud and enterprise technology. • Technical to Business Translation: Analyze business requirements to develop technical network solutions and their framework. Drive continuous improvement for DFIN network and network security architectures, assess business and application requirements, and recommend optimizations accordingly. • Technical Leadership: Directs the team to adhere to established standards, policies, procedures and configuration guidelines for Network and Network security solutions. Develop Functional, Nonfunctional and Business requirements documentation for new network security initiatives. Actively review architecture ensuring adherence to security standards and policies • Vision: Develops technology roadmaps including on-prem infrastructure and cloud infrastructure. Assist in developing vision and roadmap for the Network Security team. • Firewall Management: Configure, manage, and troubleshoot firewalls to protect network integrity and data security. • Azure Integration: Design and manage network solutions within Azure, including virtual networks, VPNs, load-balancing, network security solutions, and hybrid cloud setups. Test and monitor Azure network and security solutions to ensure optimal performance, scalability, and resilience. • Data Flow and Network Path Analysis: Identify and optimize data flows and network paths to enhance performance and efficiency. • Documentation: Create and maintain detailed network diagrams, configurations, and documentation for reference and troubleshooting. • Collaboration: Work closely with IT teams, product teams, and vendors to ensure seamless integration and operation of network systems in Cloud and Data Centers. • Troubleshooting: Provide advanced troubleshooting and support for network-related issues, ensuring minimal downtime and disruption. • Mentoring: Mentor Junior and Senior engineers as needed around network design, best practices and troubleshooting. • On-Call: Provide Level-3 escalation for level-1/2 On-call duties. Qualifications: Technical Skills: • Minimum of 10 years of hands-on experience in network architecture and design. • Expertise with network security products - Firewall, WAF, LB, DDOS. • Expertise with networking products - Routers, Switches, SDWAN, SASE, wireless, NAC, etc. • Experience with cloud computing platforms including IaaS, PaaS, and SaaS delivery models', key technologies include Azure, Office365, AWS, Google Cloud, container services, and CASB solutions. • Knowledge of Zero trust, zone-based architecture, defense in depth, SASE, SSE, and micro-segmentation • Strong expertise of IT risks, cyber security, Cloud components, Routing Protocols, Security protocols and tools. • Familiarity with Identity solutions, CI/CD tools, configuration and automation techniques, scripting languages, containers and orchestration solutions. • Great communication and interpersonal skills. • Excellent written and verbal communications skills with experience presenting to leadership teams with the ability to communicate security and risk-related concepts to technical and non-technical audiences. Soft Skills: • Provide recommendations to continuously drive optimized spending and ensure maximum value for solution investments. • Lead the identification, development, and collection of key strategic and operational metrics for CISO org. • Research current industry technology to better facilitate vendor and partner communications. Business Partnership: • Establish and maintain strong partnership with the technical, business, customers, associates and sourcing stakeholders and vendors as necessary. • Actively participate in industry/vendor forums to guide product development activities. Education/Certifications: • Bachelor's degree in computer science, Information Technology, or a related field. • Relevant certifications such as CISSP, CCIE, CCDP, AWS/Azure certs, etc are highly desired It is the policy of Donnelley Financial Solutions to select, place, and manage all its employees without discrimination based on race, color, national origin, gender, age, religion, actual or perceived disability, veteran status, actual or perceived sexual orientation, genetic information or any other protected status. If you are a qualified individual w ith a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access jobs.dfinsolutions.com as a result of your disability. You can request a reasonable accommodation by sending an email to talentacquisition@dfinsolutions.com . At DFIN, protecting your identity is a top priority. Please be aware of scammers impersonating DFIN recruiters. DFIN recruiters will never request personal information via email or text. You will only receive a text from us if you've already been in contact. All automated messages will come from talentacquisition@dfinsolutions.com . If you ever have doubts about the legitimacy of any communication from us, please do not hesitate to reach out for verification via talentacquisition@dfinsolutions.com (this email is for general TA questions and is not used for updates on your application status). #BI-Remote