Principal Cloud Security Engineer

San Francisco

Upgrade Inc. logo
Upgrade Inc.
Apply now Apply later

Posted 2 weeks ago

Upgrade is a fintech unicorn backed by a top 10 global bank and other leading fintech investors. Founded in 2017, Upgrade has already delivered $3 billion in consumer credit and achieved $100 million in annual revenue run rate and cash profitability.
Upgrade is building a neobank offering exceptional value to mainstream consumers, including affordable and responsible credit through cards and loans. In 3 short years 10 million people have already applied for an Upgrade Card or loan.
Upgrade has been named a “Best Place to Work in the Bay Area” by the San Francisco Business Times and Silicon Valley Business Journal 3 years in a row, and received “Best Company for Women” and “Best Company for Diversity” awards from Comparably.
We are looking for new team members who get excited about designing and implementing new and better products and join a team of 300 talented and passionate professionals. Come join us if you like to tackle big problems and make a meaningful difference in people's lives.


  • Lead the security strategy governing the applications and cloud-based platform infrastructure.
  • Collaborate with other infrastructure, DevOps, InfoSec and application engineers to understand the product, technology and business needs. 
  • Define and own guidance, alerts and security as code deployments to provide protection from malicious traffic, vulnerabilities and other attack vectors.
  • Oversee building and maintaining an AWS cloud infrastructure architecture aligning security, compliance, performance and resilience. 
  • Own the management and remediation of identified security flaws within our development platforms.
  • Build and maintain monitoring, auditing, and reporting frameworks that produce artifacts that support security and compliance needs.
  • Architect procedures to automate security tasks which seamlessly integrate into code builds and deployments.
  • Build security utilities and tools for internal use that enable the DevSecOps team to operate at high speed and wide scale.
  • Develop security and compliance capabilities in support of DevOps processes.
  • Create and maintain documentation for security systems.
  • Participate in an on-call rotation for 24x7 support of security operations. 
  • Research security industry trends and best practices to share with the organization through presentations and training sessions.  


  • At least 5+ years of relevant experience in modern DevSecOps space.
  • Expert level understanding of security best practices for client-server product architectures for cloud-based deployments.
  • In-depth knowledge of AWS services and hands-on experience.
  • Experience in performing security vulnerability assessments, good familiarity with PCI and SOX.
  • Knowledge of SSO methodologies (SAML, LDAPS, AD).
  • Experience in DevOps environments and maintaining security in CI/CD processes.
  • Experience in HashiCorp Vault.
  • Experience with Kubernetes and containerized applications.
  • Experience developing infrastructure as code (Terraform, Ansible).
  • Experience designing processes around DevSecOps tools.
  • Experience with cloud-based security management/IDS/IPS/SIEM tools (WAF, Inspector, GuardDuty, Twistlock, Splunk, Dome9, AlienVault, AlertLogic, Fortinet, Threat Stack, Sumologic, Imperva etc).
  • Knowledge of network based, system level, and application layer attacks and mitigation methods.
  • Experience extracting security data from SIEM solutions, audit logs.
  • Strong programming/scripting knowledge - Go, Python, Bash, etc.

Strong Plus:

  • Experience in OOP, TDD, design patterns, data structures and software security.
  • Experience with other IaaT platforms.
  • One or more recognized security and cloud specific certifications (e.g. CCSP, SSCP, CISSP, CCSK, GWAP, AWS Solutions Architect).


  • Designer office with amazing views of the bay!  
  • Comprehensive benefit package: medical, dental, and vision.
  • Unlimited vacation policy.
  • Flexible working environment.
  • Conveniently located in San Francisco Financial District.
  • Close to BART and public transportation.
  • Kitchen stocked with beverages, snacks and treats.
  • In office game rooms, yoga room, and abundance of lounge space.
  • Monthly social gatherings.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Candidate Privacy NoticeEffective Date: 1/1/2020
This California Candidate Privacy Notice is intended to provide California consumers who are employed or apply for employment or a contractor position with Upgrade information about the categories of personal information Upgrade collects and how the company uses this information. For any questions about this notice, please contact 1. Personal Information Upgrade Collectsa. Identifying information: including name, address, email, telephone number, social security number, driver license number, passport number, and other personal identifying information.b. Information you provide as a part of a job application or from a background check performed after a job offered is extended, including employment, education, credit, and criminal history.c. Data on work productivity and performance, including hours worked, electronic network activity, and tasks performed. 2. Purposes for Collecting Personal Informationa. To consider applications for employment.b. To complete payments, including payroll, expense reimbursement, other compensation-related payments, and the administration of stock options.c. To administer benefits, including medical, dental, vision, commuter, and retirement benefits.d. To provide human resources services and conduct performance evaluations.e. To monitor work eligibility including work-related licenses, credentials, training, and eligibility to work in the United States.f. To ensure a safe and efficient working environment.g. To comply with applicable legal or regulatory requirements including state and federal company reporting obligations. 
Job tags: Architecture Auditing AWS C CISSP DevOps Go IDS IPS Kubernetes PCI Python SIEM Splunk SSCP Strategy Vulnerabilities
Share this job: