TITLE: IDENTITY AND ACCESS MANAGEMENT ENGINEER STATUS: EXEMPT REPORT TO: MANAGER – IT IDENTITY AND ACCESS MANAGEMENT DEPARTMENT: IT – IAM AND APPS JOB CODE: 11965 PAY RANGE: $102,000.00 - $105,000.00 ANNUALLY GENERAL DESCRIPTION: As an Identity and Access Management Engineer, you will play a pivotal role in shaping and executing IAM strategies, overseeing user access management procedures, and ensuring adherence to security and regulatory standards. This position requires you to work closely with cross-functional teams to enhance access management processes, address technology challenges, mitigate risks, and support organizational growth. Your leadership, technical acumen, and communication skills will be critical for driving success in this role. You must have a client-focused, team-oriented approach that balances operational needs and user experience to provide best-in-class identity security for the organization. TASKS, DUTIES, FUNCTIONS: - Propose and implement technical IAM solutions that align with business objectives and enhance operational efficiency. - Serve as the primary escalation point for complex user or business stakeholder issues, providing expert resolution and guidance. - Collaborate with business teams to facilitate the migration of applications into IAM management, ensuring smooth transitions and integration. - Establish and maintain relationships with vendors. Regularly assess vendor performance and cost-effectiveness to ensure value. - Technical leader for projects related to IAM initiatives, including analysis, planning, design, implementation, and transition to operations. - Mentor team members. Develop and implement training programs to enhance technical skills and performance across all levels of the team. - Lead account lifecycle management, governance, and administration from inception to termination for all users. Manage access privileges of internal and external individuals. - Manage the day-to-day operations of IAM systems by monitoring system performance, configuration, maintenance and repair. Analyzes production system operations using tools such as monitoring, capacity analysis and outage root cause analysis to identify change that ensures continuous improvement in system stability and performance. - Applies advanced knowledge and understanding of concepts, principles, and technical capabilities to manage a wide variety of projects. - Fosters innovation and automation by developing and/or supporting the introduction of new and improved methods, products, procedures, or technologies. - Perform other duties as assigned. PHYSICAL SKILLS, ABILITIES, AND EXERTION UTILIZED IN THE PERFORMANCE OF THESE TASK: - Effective oral and written communication skills - Must possess sufficient manual dexterity to skillfully operate on-line computer terminal, record machinery, and standard office equipment including adding machine, personal computer, and telephone. ORGANIZATIONAL CONTACTS & RELATIONSHIPS: - INTERNAL: Works closely with IT teams and is likely to have contact with leadership teams throughout the organization. - EXTERNAL: Vendors and government agencies. QUALIFICATIONS: - EDUCATION: Bachelor’s degree in computer science, Information Technology, or a related field. Equivalent work experience may be considered in lieu of 4-year degree. - EXPERIENCE: Minimum of 5 years in IAM engineering, architecture or equivalent roles. - KNOWLEDGE/SKILLS: - Experience in engineering IAM projects, including planning, execution, and delivery within defined timelines and budgets. - Proven ability to mentor a team, manage projects, and work collaboratively across departments. - Proficiency in IAM technologies (e.g., One Identity, Okta, SailPoint, Entra, Microsoft Azure AD, CyberArk, etc.). Demonstrated expert level knowledge of PowerShell scripting. - Strong understanding of identity governance, authentication protocols (e.g., SAML, OAuth, OpenID Connect), and access management. - Experience with IAM architecture and integration with enterprise systems. - Strong analytical and problem-solving skills to address complex IAM challenges. Demonstrated problem solving ability that allows for effective and timely resolution of system issues including but not limited to production outages. - Excellent verbal and written communication skills to effectively interact with technical and non-technical stakeholders. - Strong organizational skills, attention to detail, and the ability to handle multiple priorities. PHYSICAL REQUIREMENTS: - Prolonged sitting and moving throughout the workday, with occasional mobility required. - Corrected vision within the normal range. - Hearing within the normal range required. A device to enhance hearing will be provided if needed. - Ability to lift 30 lbs. as may be required. - Occasional movements throughout the department daily to interact with staff, accomplish tasks, etc. LICENSES / CERTIFICATIONS: Microsoft Certified: Identity and Access Administrator Associate (Required) Microsoft Certified: Azure Administrator Associate (Desired) #LI-Remote Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. THIS JOB DESCRIPTION PROVIDES AN OVERVIEW OF THE GENERAL SCOPE AND LEVEL OF WORK EXPECTED TO BE PERFORMED, BUT IT IS NOT AN EXHAUSTIVE LIST OF ALL DUTIES OR RESPONSIBILITIES ASSOCIATED WITH THE POSITION. THE CREDIT UNION RESERVES THE RIGHT TO MODIFY, ADD, OR REMOVE DUTIES AS NEEDED WITHOUT ADVANCE NOTICE. EMPLOYEES MAY BE REQUIRED TO PERFORM ADDITIONAL TASKS AND DUTIES AS DIRECTED BY THEIR SUPERVISOR, PROVIDED SUCH TASKS ARE WITHIN THE EMPLOYEE’S KNOWLEDGE, SKILLS, AND ABILITIES, OR CAN BE PERFORMED WITH REASONABLE TRAINING. NOTHING IN THIS JOB DESCRIPTION ALTERS THE AT-WILL EMPLOYMENT RELATIONSHIP OR LIMITS THE CREDIT UNION’S RIGHT TO ASSIGN OR REASSIGN DUTIES AND RESPONSIBILITIES TO THIS POSITION AT ANY TIME. REV. 1/9/2026

About Upstart At Upstart, we’re united by a mission that matters: to radically reduce the cost and complexity of borrowing for all Americans. Every day, we bring creativity, experimentation, and advanced AI to reshape access to credit, helping millions move forward financially with clarity and confidence. As the leading AI lending marketplace, we partner with banks and credit unions to expand access to affordable credit through technology that’s both radically intelligent and deeply human. Our platform runs over one million predictions per borrower using more than 1,800 signals, powering smarter, fairer decisions for millions of customers. But the numbers only hint at the impact. Every idea, every voice, and every contribution moves us closer to a world where credit never stands between people and their financial progress. We’re proudly digital-first, giving most Upstarters the flexibility to do their best work from wherever they thrive, alongside teammates across 80+ cities in the US and Canada. Digital-first doesn’t mean distant. We’re intentional about in-person connection through team onsites, planning sessions, and moments that spark creativity and trust. And whether you choose to work primarily from home or collaborate in-person from one of our offices in Columbus, Austin, the Bay Area, or New York City (opening Summer 2026), you’ll have the support to work in the way that works best for you. If you’re energized by tackling meaningful problems, excited to innovate with purpose, and motivated by work that truly matters, we’d love to hear from you. The Team Upstart’s Information Security team is dedicated to advancing security practices that enhance the safety of our products, customers, and partners. We believe security should empower innovation, move at the speed of the business, and be built in from the ground up. Our mission is to protect Upstart’s products and enterprise while enabling teams to move quickly and safely through strong collaboration, automation, and thoughtful security design. As a Principal Security Engineer focused on Data Security, you will play a critical role in defining, building, and leading Upstart’s data security program. This is a highly impactful role that combines deep hands-on technical execution with program leadership. You will design and implement scalable data security capabilities, influence cross-functional partners across the company, and help establish long-term strategy and accountability for how data is protected at Upstart. This role is ideal for a senior security practitioner who enjoys operating at the intersection of coding, architecture, and cross-functional leadership, and who has experience taking complex security programs from concept to reality. Position Location - This role is available in the following locations: Remote (US), San Mateo, Columbus, Austin Time Zone Requirements - This team operates on the East/West Coast time zones. Travel Requirements - As a digital first company, the majority of your work can be accomplished remotely. The majority of our employees can live and work anywhere in the U.S but are encouraged to to still spend high quality time in-person collaborating via regular onsites. The in-person sessions’ cadence varies depending on the team and role; most teams meet once or twice per quarter for 2-4 consecutive days at a time. How you’ll make an impact: - Lead the design and execution of Upstart’s data security program, from early foundations through mature, scalable systems - Architect and build software solutions (APIs, services, and internal tools) that enable effective data protection and governance - Partner closely with Engineering, Analytics, Product, Legal, Risk, HR, and other stakeholders to secure sensitive data across diverse domains - Establish clear goals, success metrics, and accountability for data security initiatives - Drive adoption of least-privilege access models and modern data protection patterns across the organization - Mentor engineers and security practitioners, fostering strong technical standards and a culture of ownership - Continuously improve systems by learning from real-world signals such as false positives, operational feedback, and evolving threats What we’re looking for: - Minimum requirements: - Bachelor’s degree in Computer Science, Engineering, or Mathematics, or a related field (or its equivalent) + 8 years of experience - Extensive experience across enterprise and operational security domains, with deep focus on Data Security and Identity & Access Management - Experience owning or leading a Data Security, DLP (Data Loss Prevention), or DSPM (Data Security Posture Management) initiatives - Proven experience leading security programs that span multiple teams and functions - Strong software engineering background, with the ability to design and build production-quality systems (e.g., APIs, services, or internal web applications) - Experience launching new security capabilities or programs from 0 to 1 in complex environments - Deep understanding of least-privilege principles and practical experience applying them at scale - Excellent communication skills, with the ability to influence senior technical and non-technical stakeholders - Ability to navigate ambiguity, make sound tradeoffs, and independently drive meaningful change - Preferred qualifications: - Familiarity with modern data protection tooling such as endpoint DLP, data classification, or posture management platforms - Experience working with diverse data domains (e.g., analytics, reporting, business operations, or people data) - Contributions to the security community through talks, publications, open-source projects, or other industry involvement - Familiarity with compliance frameworks such as SOC 1, SOC 2, and SOX - Interest in long-term growth as a senior individual contributor, with openness to future people leadership paths At Upstart, your base pay is one part of your total compensation package. The anticipated base salary for this position is expected to be within the below range. Your actual base pay will depend on your geographic location–with our “digital first” philosophy, Upstart uses compensation regions that vary depending on location. Individual pay is also determined by job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process. In addition, Upstart provides employees with target bonuses, equity compensation, and generous benefits packages (including medical, dental, vision, and 401k). United States | Remote - Anticipated Base Salary Range $190,600—$263,900 USD What you'll love At Upstart, our benefits are designed to support your health, financial well-being, family, and personal growth. Here’s what you can expect: - Competitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly - Generous 401(k) plan with Upstart matching $2 for every $1 contributed, up to $15,000 per year - Employee Stock Purchase Plan (ESPP) with discounted stock purchase options for eligible employees - Affordable medical, dental, and vision coverage, with multiple plan options - Upstart covers 90% to 100% of the cost depending on the plans you choose - Health Savings Account contributions from Upstart for eligible plans - Income protection benefits, including company-paid Basic Life, AD&D, and Short- and Long-Term Disability coverage, with options to purchase supplemental coverage - Paid time off, sick and safe time, and company holidays - Paid family and parental leave to support caregiving and major life moments - Family-centered benefits through Carrot and Cleo, supporting fertility, parenthood, and caregiving - Employee Assistance Program (EAP) offering mental health support and life-centered resources - Financial wellness resources, including access to financial planning tools and a financial concierge service - Annual wellness allowance to support your physical and emotional well-being and personal development, based on what matters most to you - Annual productivity allowance to invest in relevant tools and resources you need to do your best work, no matter where you work from - Connection and community through team events and onsites, all-company updates, and employee resource groups (ERGs) - Onsite perks, including catered lunches and fully stocked micro-kitchens when working from one of our four offices, located in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!). Upstart is a proud Equal Opportunity Employer. Just as we are dedicated to improving access to affordable credit for all, we are committed to inclusive and fair hiring practices. If you require reasonable accommodation in completing an application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please email candidate_accommodations@upstart.com https://www.upstart.com/candidate_privacy_policy

• Utilising knowledge of cloud technology to plan, write and improve cloud security labs, challenges and online learning content on the Immersive platform. • Produce multi-format content utilising various teaching methods; practical exercises, questions & gamification • Test Cloud Security labs to ensure they function as expected • Work with the Engineering and Content teams on new projects/products and how best to deploy them

• Threat model application designs and solutions and provide security risk assessments. • Collaborate with product managers, designers, and engineers to threat model and architect secure and resilient systems. • Design and build internal tooling for engineering teams. • Write robust, resilient, and maintainable software primarily in Go and Python. • Champion an internal security culture, mentor teams in security best practices, and oversee vulnerability management program.