[Principal/Lead/Sr] Security Engineer

Named as a Forbes Fintech 50 in 2019, Marqeta powers modern payment solutions for

companies innovating new services and process flows in a digital world. Our platform, open

API, and advanced analytics provide unprecedented control for companies to issue cards,

authorize transactions and manage payment operations in real-time.

We are a team of industry experts and technology innovators who take a dynamic approach to

solving challenging problems. We power possibilities for our customers by bringing the best

talent together in an open and collaborative work environment that rewards creativity and

perseverance.

Marqeta is proud of its Oakland roots and strives to build a global team as diverse as the markets

we serve, staying true to our values to Connect the Customer, Find a Way, Make Simple, Take

Risk and Build One Marqeta. We are not expecting any single candidate to meet all job

requirements listed below, so please apply. It’s an exciting time to join Marqeta. As we grow,

your career and opportunities will grow as well.

Position Summary

Marqeta is growing a Security Engineering Team with the goal of significantly improving

industry standards in Secure Platform and Secure Service Delivery in the Payments space.

As a member of Marqeta’s Security Engineering Team, you’re responsible for design,

development and implementation of our core platform, infrastructure and enterprise security

services and controls. Your work protects our most critical environments, as well as meets or

exceeds the various regulatory compliance standards required in the Payments Industry.

This multifunctional role broadly interfaces with Marqeta’s Platform Engineering, SRE, Network

Engineering and Enterprise IT teams, and is vital to Marqeta’s Product and Enterprise Security

Program.

The [Principal/Lead/Sr] Security Engineer role supports build and deployment operations and

produces reference implementations for secure services and architectures. You’ll develop new

strategies for identity and access management (IAM) frameworks, assist Platform and

Infrastructure Engineering with coherent processes around change control, in addition to defining

secure development and deployment standards. You’ll verify and validate internal DevOps

practices, toolsets and artifacts. Additionally, you’ll support the vetting, deployment and design

of Enterprise Security tooling.

The ideal candidate for this role has a strong desire to lead the organization in well-considered

Security Engineering methodologies, is seasoned in either AWS or GCP cloud-based services,

has a strong passion for Rugged DevOps driven patterns, and an excellent ability to

communicate across roles, teams and disciplines. You enjoy platform engineering work, systems

integration and automation, and you’re passionate about implementing new security patterns and

services.

Marqeta is remote work positive and this role is offered in the scope of a distributed remote

team. 

Primary Responsibilities

 Build and deploy self-service tools for Infrastructure, IT, Platform, and SRE Engineers

 Maintain Security Controls in Platform, Enterprise and Infrastructure Services

 Implement and Support End-to-End Transport Security and Proxy Layer Services

 Lead Infrastructure and Platform Design Reviews

 Implement and Maintain Security Patterns in Pre-Release and Post-Release Deployment

 Triage, Respond to and Investigate Security Incidents affecting Platform and Infra

Services

 Implement and Maintain Platform and Infrastructure Threat Monitoring and Detection

Tools

 Manage and Deploy Services for Security Team

 Mentor Marqeta App Sec, Infra, IT, Platform and SRE Engineers

 Support Quarterly PCI Efforts

Requirements

 5+ yrs Demonstrable and Practical Experience in Systems and Infrastructure Engineering

or Comparable Experience in a DevOps Role

 5+ years working for an Enterprise SaaS-based organization

 2+ yrs experience working within a Security Operations role

 Familiar with concepts related to MFA, systems integration, webhooks, SCIM 2.0, "zero-

trust", along with the various means of systems access (cURL, API, browser, systems-

level) from an authentication perspective

 Expert level proficiency with various means of federated access, and how to select the

right frictionless authentication method of a given problem

 You pride yourself in a holistic approach to your work

 You have a sincere passion for Security Engineering and Operations as a discipline

 You’re an excellent communicator

 You employ strong collaboration patterns and enjoy creating positive team dynamics

 You know how to own and support positive outcomes

 You remain constructive under pressure, with a flexible working style

 You have solid experience and consistency with remote work and engaging distributed

teams

 Demonstrated experience in several of the following disciplines: incident response,

detection tooling, vulnerability management, security operations, cloud security,

infrastructure security, network security, security tools development

 Experience selecting and implementing tools for SIEM, IDS and vulnerability scanning

 Experience with automating new and existing processes and tools

 Experience with AWS, Java, Python, Ruby, and other modern open source languages and

tools

Technical Skills

 Functional development experience and proficiency in Python, Go or Ruby

 Functional Experience with Ansible, Terraform and Packer

 Experience with AWS Architecture and Service Deployment

 Experience with IAM services and tools. Okta experience a plus

 Experience with Container Technology (Docker, ECS, Kubernetes/K8s) and their

respective security tools

 Familiarity with Java and JVM based Application Stacks (e.g. Tomcat)

 Strong Knowledge of TLS-based Service Architectures

 Strong Experience with Linux Platforms (CentOS/Ubuntu/Debian/etc)

 Experience with Secure Deployment Specification

 Experience with Production Build Pipelines and CI/CD stacks (Ex. Jenkins, Nexus,

Drone CI)

 Strong Interest in Automation Practices

Bonus Points

 Experience in Payments or Financial Services

 Firm understanding of OWASP Top 10, Application Security tooling, Content Security

Policies, and RASP/WAF a plus

 Experience with Remote Work

Perks 

 Rich suite of benefit plans; employee premiums paid 100%

 Generous Paid Time Off

 Full paid Parental Leave

 Pet insurance

 401k plan with a Company match

 Competitive pay

 Meaningful equity

 Bi-annual “Hack Week” to support and reward innovation

 Monthly commuter and parking subsidy

 Open, transparent culture that includes All Hands meetings, Lunch-and-Learns, all-

company offsites, etc.

 Access to corporate gym membership rates, other discounts and employee perks

 Fully stocked kitchen, catered lunches twice a week, breakfast on Fridays and more!

We are committed to an inclusive and diverse workplace. Marqeta is an equal opportunity

employer. We do not discriminate based on race, ethnicity, color, ancestry, national origin,

religion, sex, sexual orientation, gender identity, age, disability, veteran status, genetic

information, marital status or any other legally protected status.