AppSec Jobs
← Back to all jobs

Upside

Staff Application Security Engineer

Washington, DCWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About Upside

Upside is a cash-back rewards platform that connects consumers with brick-and-mortar retailers, including gas stations, grocery stores, restaurants, and hardware stores. Users can earn cash back on everyday purchases, enhancing their shopping experience while helping businesses increase sales. The platform operates a marketplace that reaches over 35 million consumers through its app and partner networks, offering personalized promotions to drive transactions without disrupting retailer operations. Founded around 2015 and headquartered in the US, Upside has offices in Austin, New York, and Chicago. The company is committed to sustainability, dedicating 1% of its revenue to initiatives like carbon offset projects and food rescue. Upside provides a free mobile app that allows users to earn cash back on various purchases and offers a retailer platform that delivers targeted promotions to boost foot traffic and profits. Additionally, it offers business tools, including personalized dashboards for tracking sales and profits.

Industry

retail

Employees

310

72 engineers

Revenue

$44M

Website

Visit →

Security at Upside

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Data security is a core operating principle that underpins how Upside works.
  • The AppSec philosophy emphasizes enabling engineers to code safely through partnership and collaboration rather than gatekeeping.
  • The team runs security code tests (SAST, SCA) and partners with engineers to remediate unsafe code.
  • Upside maintains certifications such as ISO/IEC 27001 and operates in a continuously monitored environment with automated detection and remediation.
  • A key goal is to innovate with AI and deliver security solutions to mitigate application vulnerabilities.

Security Team

You'll report into the Director, Information Security (Mia Kralowetz, Director of Information Security, joined Upside in 2022). The AppSec team is embedded within Information Security. LinkedIn company size ranges from 201-500 employees. There is currently 1 active Staff Application Security Engineer job posting as of March 25, 2026. The team demonstrates expertise in GitHub Suite (Advanced Security, Actions, Copilot), Python, Terraform, AWS Lambda, and ChatGPT. Public org chart and explicit AppSec headcount are not publicly available.

Key Initiatives

Shift Left: Security code tests (SAST, SCA) are run with partnerships between AppSec and engineering teams for remediation. Vulnerability Management: Upside published a Vulnerability Disclosure Policy via Inspectiv (launched September 2025) with a 180-day remediation window. The team has experience with vulnerability management, penetration testing initiatives, and bug bounty management. Secure SDLC: The team creates threat models and engages technology teams to review and document risks. Security Champions Program status is not publicly available.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.