Staff Security Engineer - Identity

We’re seeking an experienced Staff Security Engineer with a strong passion for Identity and Access Management. In this role, you’ll have the opportunity to shape and implement cutting-edge identity management strategies to protect access to all systems of Marqeta.

Join us in building a secure and frictionless Identity and Access management program where you’ll play a crucial part in:

• Building and growing the Identity Governance and Administration program
• Implementing Privileged Access Management in a Cloud First environment
• Architecting and designing a Certificate Lifecycle Management service 

The ideal candidate will have a deep expertise across identity security disciplines along with good written and oral communication skills. 

The Impact You’ll Have:

• Develop and implement robust IAM strategies and architectures to meet organization’s security, compliance, and operational needs.
• Contribute to the design, implementation, and maintenance of the Identity Security program, including Identity Governance and Administration (IGA), Privileged Access Management (PAM), Access Management (AM), Secrets Management and Certificate Lifecycle Management.
• Integrate IAM systems with cloud applications, SaaS and other IT services.
• Automate provisioning, de-provisioning, and other role management processes.
• Maintain systems for Single Sign-On (SSO), Multi-Factor Authentication (MFA), and password management
• Develop and manage processes to ensure least-privilege and zero-trust access principles.
• Collaborate with senior leadership to evaluate and recommend IAM best practices into enterprise security strategies.
• Lead IAM-related projects, working closely with cross-functional teams such as Technology, DevOps, and Security
• Mentor and provide technical guidance to junior engineers and team members
• Streamline IAM processes through automation and advanced technologies.
• Enforce IAM policies, standards, and controls to address IAM-related threats and vulnerabilities
• Stay current with industry trends and emerging technologies to recommend enhancements.

Who You Are:

• A minimum of 8 years related experience with a Bachelor’s degree; or 5 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience.
• Proficiency in IAM tools (e.g., Okta, CyberArk, Ping Identity, SailPoint)
• Strong knowledge of identity governance, RBAC, PAM, and cloud-based IAM solutions.
• Knowledge of LADAP, Active Directory (AD), and cloud-based directories
• Familiarity with compliance frameworks and standards (e.g., NIST, SOC 2, PCI DSS).
• Exceptional problem-solving and project management skills.
• Experience in automating, deploying, and supporting large-scale projects
• Experience with cloud environments (e.g., AWS, Azure, GCP) and Infrastructure as Code (IaC) tools such as Terraform or CloudFormation.
• Deep understanding of protocols such as SAML, OAuth, OpenID Connect, and Kerberos.
• Strong communication and interpersonal skills to work effectively with stakeholders at all levels.
• Proficiency with scripting or programming languages (e.g., PowerShell, Python) for automating IAM processes.
• Work with developers, DevOps, and IT teams to integrate Identity tools into existing workflows
• Troubleshoot Access related issues in a cloud environment and provide ongoing maintenance.

Nice to have

• Relevant certifications such as CISSP, CISM, or IAM-specific credentials (e.g., CIAM/CAMS, CyberArk Certified, Okta Certified Consultant).
• Experience with AWS technologies such as Lambda, S3, DynamoDB, RDS, Aurora, SNS, SQS, CloudTrail, CloudWatch, Code Pipeline, AWS Developer Tools, and IAM roles and permissions
• Experience with DevOps tools and practices, including secrets management and CICD pipelines

Manager

• Chetan Jha

Recruiter for this role

• Kayla Osuna

Compensation and Benefits

Marqeta is a Flex First company which allows you to choose your best working environment, whether that be from home or at a company office. To support Flex First, we calibrate pay to a competitive value according to working location. 

When determining salaries, we consider several factors including, but not limited to, skills, prior experience, and work location. The new-hire base salary range for this position, reflected in CAD,  is: 141,900 - 177,400.

We also believe in recognizing the contributions of our people. That's why we award annual bonuses to eligible employees, rewarding both individual performance and the success of the entire company.

Along with monetary compensation, Marqeta offers

• Multiple health insurance options
• Flexible time off – take what you need
• Retirement savings program with company contribution
• Equity in a publicly-traded company 
• Monthly stipend to support our remote work model
• Annual “development dollars” to support our people growth and development
• Family-forming benefits and up to 20 weeks of Parental Leave

About Marqeta

Marqeta is on a mission to change the way money moves. We’re one of the earliest enablers of embedded finance, a market opportunity sized up in the trillions. Our card issuing platform provides unprecedented flexibility and control for companies to issue cards, authorize transactions, and manage payment operations in real time. Marqeta is powering the most well known brands in the new economy (Block, Cash App, Affirm, Instacart, Doordash, Uber, Walmart, etc). You don’t need to be a Payments expert to join the Marqeta Team, let us help you with that.  This is the opportunity of a lifetime to work with innovators around the world and unlock equitable financial access for all.

---

Marqeta’s Values

– Intentional Curiosity: We believe in asking the questions others shy away from. True progress comes from understanding today’s realities while challenging ourselves to do better and take on the status quo. 

– Thoughtful Responsibility: We believe that every interaction with our technology and platforms matters. Businesses and livelihoods rely on our work, so we strive for excellence and accountability every day with the highest standards for failsafe technology and compliance.

– Innovative Simplicity: We believe that simplicity is powerful, especially in innovation—making a tool work better or finishing that feature that makes everyone smile. Our customers face a lot of complexity. We’re not here to add more.

– Shared Success: We believe the measure of our success is the success of our employees, customers, and communities. From local businesses to big corporations, our impact goes deep and wide. And we’ve got the results to prove it.

– Passion to Thrive: We believe anyone with a better idea should be able to change the game for our company and our customers. We solve big problems for our customers and draw energy from that challenge and opportunity.

---

Equal Employment Opportunity, Accommodations and Privacy 

Marqeta is proud to be an equal opportunity employer that gives consideration to all qualified applicants regardless of race, ancestry, national  origin, color, Indigenous, citizenship, religion/creed, sex, sexual orientation, gender identity, gender expression marital status, family status, disability, veteran status, criminal histories consistent with legal requirements, or any other characteristic protected by applicable law. 

Our dedication to diversity and inclusion extends beyond the categories above. Review Marqeta’s ESG Report to see that dedication in action. Fostering an environment where everyone feels valued and respected creates a stronger and more innovative team at Marqeta. We celebrate the unique contributions of each individual and empower all members of our organization. Join us in building a company where diversity thrives and everyone can be their authentic selves.

If you require reasonable accommodation for the application process and beyond (including due to a disability), please submit this form and we will be more than happy to assist you. Marqeta will make reasonable accommodations for candidates when needed in accordance with applicable law. The Applicant and Candidate Privacy Notice applies to the personal data that you directly provide to us or that we collect during the application and candidate recruitment process.