Senior Network Security Engineer

Summary

Join Marqeta as a Senior Network Security Engineer and play a crucial role in designing, implementing, and maintaining security solutions for our infrastructure and data. This fully remote position, open to candidates across Canada, focuses on endpoint and network security, including EDR/DLP technologies, firewalls, VPNs, and AWS security services. You will investigate and remediate threats, ensure compliance, and collaborate with cross-functional teams. The ideal candidate possesses extensive experience in network and endpoint security, AWS, and related technologies. Marqeta offers competitive compensation, including a comprehensive benefits package and a flexible work environment.

Requirements

• A minimum of 5 years related experience with a Bachelor’s degree; or 3 years and a Master’s degree; or a PhD with 2 years’ experience; or an equivalent combination of related education and work experience
• Proven experience with endpoint security tools (e.g., CrowdStrike, Carbon Black, or similar)
• 3+ years hands-on experience working with network security technologies: firewalls, VPNs, proxies, and DNS security solutions like Cisco Umbrella
• Strong understanding of secure network architecture and protocols (e.g., TCP/IP, DNS, HTTPS, VPN)
• 3+ years Experience implementing and managing egress and ingress traffic filtering strategies, including split tunneling configurations
• Excellent communication and collaboration skills

Responsibilities

• Implement and improve endpoint detection and response (EDR) and Data Loss prevention (DLP) technologies
• Secure network traffic, and drive key initiatives to enhance our overall network security posture
• Maintain security aspects of our Software-Defined Networking solution, Firewall and VPN
• Deploy and manage Endpoint Detection and Response (EDR) and endpoint and or cloud based Data Loss Prevention (DLP) solutions
• Investigate and remediate endpoint threats while ensuring compliance with security policies
• Architect, implement, and maintain firewalls, VPNs, and proxies to secure network communication
• Implement "always-on" VPN solutions, including strategies for egress and ingress traffic filtering, split tunneling, and secure access controls
• Enhance DNS security using Cisco Umbrella or similar DNSSEC tools
• Monitor, analyze, and secure network traffic to prevent unauthorized access and data breaches
• Design and maintain security policies for Software Defined Networking (SDN) environments
• Ensure effective egress and ingress filtering across cloud and on-premises environments
• Implement and manage AWS-native security solutions, including AWS WAF (Web Application Firewall), AWS Shield, and AWS Firewall Manager
• Configure and optimize AWS Security Groups, Network ACLs, and VPC flow logs to ensure secure and efficient network operations
• Leverage AWS CloudTrail and AWS Config to monitor and enforce security compliance across AWS environments
• Implement secure architecture patterns for AWS services, including secure configurations for API Gateway, ALB/ELB, and private connectivity using AWS PrivateLink
• Deploy and manage traffic inspection solutions, such as AWS Network Firewall and third-party security appliances, within AWS environments
• Analyze and secure communication protocols (e.g., TCP/IP, HTTP, HTTPS, DNS, SSL/TLS) to safeguard against vulnerabilities
• Implementing IPSec and SSL VPN based solutions
• Perform deep packet inspection to identify and mitigate threats in real-time
• Identify and address network misconfigurations or design flaws to strengthen the overall security architecture
• Develop and deploy security solutions tailored to remote work environments
• Ensure secure configurations for "always-on" VPNs and split-tunneling scenarios
• Collaborate with the Security Operations Center (SOC) for network and endpoint incident investigations
• Lead post-incident analysis and recommend preventive measures
• Work with cross-functional teams to support regulatory compliance initiatives
• Educate staff on security best practices and enhance the security culture across the organization

Preferred Qualifications

• 2+ years hands-on experience with Software Defined Networking (SDN) is a significant advantage
• 2+ years expertise in AWS-native security services (e.g., AWS WAF, AWS Shield, AWS Firewall Manager, AWS Network Firewall)
• Familiarity with cloud security frameworks and tools (e.g., AWS Well-Architected framework)
• Knowledge of regulatory frameworks such as PCI-DSS, GDPR, or ISO 27001
• Experience with packet analysis tools (e.g., Wireshark, tcpdump) for troubleshooting and threat detection

Benefits

• Fully remote role, with the option to work from anywhere within Canada
• Multiple health insurance options
• Flexible time off – take what you need
• Retirement savings program with company contribution
• Equity in a publicly-traded company
• Monthly stipend to support our remote work model
• Annual “development dollars” to support our people growth and development
• Family-forming benefits and up to 20 weeks of Parental Leave
• Annual bonuses to eligible employees