Staff DevSecOps Engineer (Cryptography)

We’re seeking an experienced Staff DevSecOps Engineer with a passion for securing cloud-native applications and a strong background in AWS cloud security. In this role, you’ll drive the integration of security into our development pipelines, leveraging automation and coding expertise in Python, Go, and Java to protect our platforms.

Join us in building secure, scalable cloud environments where you’ll play a key role in:

• Cloud Security – Implementing robust security controls across AWS environments.
• DevSecOps Practices – Embedding security into CI/CD pipelines and infrastructure as code.
• Automation – Developing tools and scripts to enhance security monitoring, response, and cryptography operations.

This is a remote-first role, with the option to work from anywhere within the U.S. or from our Oakland office. If you’re excited about securing the future of cloud-native applications, we’d love to have you on our team!

What You'll Do:

• Design and implement security architectures for AWS-based applications, leveraging services like IAM, GuardDuty, and Security Hub.
• Secure AWS generative AI workloads, ensuring proper access controls, data encryption, and model security for services like Amazon Bedrock and SageMaker.
• Integrate security into CI/CD pipelines, ensuring secure code deployment using tools like AWS CodePipeline and CodeBuild.
• Develop and maintain automation scripts and tools in Python, Go, or Java to enhance security monitoring, incident response, and compliance.
• Automate cryptography-related tasks and operations using AWS Lambda functions for AWS KMS and Secrets Manager.
• Automate on-prem and off-prem HSM tasks using Java, Python, or Go to streamline key management processes.
• Collaborate with development, operations, and security teams to implement data protection, access control, and vulnerability management strategies.
• Manage and secure infrastructure as code (IaC) using Terraform or AWS CloudFormation, ensuring secure configurations.
• Monitor and respond to security incidents, utilizing AWS CloudTrail, CloudWatch, and other logging tools.
• Ensure compliance with security standards such as PCI DSS through automated controls and audits.
• Research emerging cloud security and cryptography trends and integrate best practices into our strategies.

What We're Looking For:

• A minimum of 8 years of related experience with a Bachelor’s degree; or 5 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience.
• 5+ years of professional experience in DevSecOps, cloud security, or application security.
• 4+ years of hands-on experience with AWS security services (e.g., IAM, KMS, Secrets Manager, GuardDuty, Security Hub).
• 4+ years of coding experience in Python, Go, and/or Java, with a focus on security automation or tool development.
• 3+ years of experience with infrastructure as code (e.g., Terraform, CloudFormation) and CI/CD tools (e.g., Jenkins, GitHub Actions).
• 2+ years of experience with container security (e.g., Docker, Kubernetes) and securing microservices architectures.
• 2+ years of experience with security compliance frameworks (e.g., PCI DSS).
• Strong collaboration and communication skills, with the ability to influence cross-functional teams.
• Problem-solving skills to navigate complex security challenges with confidence and flexibility.

Nice to Have:

• Experience with AWS KMS, AWS Secrets Manager, or Google Tink.
• Working knowledge of Amazon Bedrock/SageMaker security features.
• Familiarity with HSM automation for on-prem and off-prem environments.
• Experience with Kubernetes security tools (e.g., Falco, Trivy).
• Proficiency in additional scripting languages or frameworks (e.g., Bash, Node.js).
• CISSP, CCSP, AWS Certified Security – Specialty, or other relevant certifications.
  
  
  Job Expectations:

• Occasional travel (up to 10%).
• A hiring process that includes an application, recruiter call, hiring manager video call, and a virtual “onsite” interview.

Compensation and Benefits

Marqeta is a Flex First company which allows you to choose your best working environment, whether that be from home or at a company office. To support Flex First, we calibrate pay to a competitive value according to working location. Compensation is aligned according to three tiers within the United States:

• National: A baseline tier that applies to most of the geographic territory of the United States.
• Premium: Slightly elevated from the National tier, and oriented toward a narrower set of higher cost-of-living areas, such as Los Angeles CA and Seattle WA
• Premium Plus: A tier for the most expensive working areas, like the San Francisco Bay area and New York City.

Visit this page or consult with a Recruiter to determine which tier would be applicable to you.

When determining salaries, we consider several factors including, but not limited to, skills, prior experience, and work location. The new-hire base salary range for this position is:

• National: $167,100 - $208,900
• Premium: $179,800 - $224,700
• Premium Plus: $195,400 - 244,200

We also believe in recognizing the contributions of our people. That's why we award annual bonuses to eligible employees, rewarding both individual performance and the success of the entire company.

Along with monetary compensation, Marqeta offers

• Multiple health insurance options
• Flexible time off – take what you need
• Retirement savings program with company contribution and after tax contributions
• Equity in a publicly-traded company and an Employee Stock Purchase Program
• Family-forming benefits, fertility support, and up to 20 weeks of Parental Leave
• Free therapy sessions, financial and professional coaching, and legal advice
• Monthly stipend to support our remote work model
• Annual “development dollars” to support our people growth and development

About Marqeta

Marqeta is on a mission to change the way money moves. We’re one of the earliest enablers of embedded finance, a market opportunity sized up in the trillions. Our card issuing platform provides unprecedented flexibility and control for companies to issue cards, authorize transactions, and manage payment operations in real time. Marqeta is powering the most well known brands in the new economy (Block, Cash App, Affirm, Instacart, Doordash, Uber, Walmart, etc). You don’t need to be a Payments expert to join the Marqeta Team, let us help you with that.  This is the opportunity of a lifetime to work with innovators around the world and unlock equitable financial access for all.

---

Marqeta’s Values

– Solve for the Customer: With a deep understanding of our customers' business and empathy for their needs, we deliver products and services that drive their success. Earning and keeping their trust guides everything we do.

– Do What's Right: Knowing businesses and livelihoods depend on us, we pursue solutions that disrupt responsibly and deliver high-quality results that our customers count on. We own our work from start to finish.

– Simplify and Innovate: We approach challenges with curiosity and take smart risks. Innovation comes from finding better, simpler ways to achieve extraordinary outcomes.

– Win as a Team: We succeed together by embracing diverse perspectives and pushing each other to raise the bar. We lead with humility and set aside hierarchy to work as a team.

– Make it Count: We drive forward with focus and agility. With a sense of urgency and purpose, we get the job done, and done right.

---

Equal Employment Opportunity, Accommodations and Privacy 

Marqeta is proud to be an equal opportunity employer that gives consideration to all qualified applicants regardless of race, ancestry, national  origin, color, Indigenous, citizenship, religion/creed, sex, sexual orientation, gender identity, gender expression marital status, family status, disability, veteran status, criminal histories consistent with legal requirements, or any other characteristic protected by applicable law. 

Our dedication to diversity and inclusion extends beyond the categories above. Review Marqeta’s ESG Report to see that dedication in action. Fostering an environment where everyone feels valued and respected creates a stronger and more innovative team at Marqeta. We celebrate the unique contributions of each individual and empower all members of our organization. Join us in building a company where diversity thrives and everyone can be their authentic selves.

If you require reasonable accommodation for the application process and beyond (including due to a disability), please submit this form and we will be more than happy to assist you. Marqeta will make reasonable accommodations for candidates when needed in accordance with applicable law. The Applicant and Candidate Privacy Notice applies to the personal data that you directly provide to us or that we collect during the application and candidate recruitment process.