Senior Security Engineer, Detection & Response

Summary

Join Marqeta's Security Operations & Response Team as a Senior Security Engineer based in Canada. This senior-level role demands deep expertise in enterprise security tools, threat intelligence, and cloud technologies. You will lead complex incident response efforts, develop advanced detection capabilities, and mentor junior team members. The position involves a 24x7 on-call rotation, combining hands-on response with long-term program development. You will play a critical role in evolving our detection engineering program through proactive threat hunting, automation, and strategic collaboration. This role follows a flexible first approach and can be based remotely in Ontario or British Columbia.

Requirements

• 5+ years of hands-on experience in security operations with deep expertise in detection engineering, threat hunting, incident response, digital forensics, and/or threat intelligence
• Intellectual curiosity with a passion for understanding emerging threats, analyzing attack patterns, and continuously learning about evolving security landscapes and adversary tactics
• Strong investigative instincts that compel you to dig deeper into anomalies, follow evidence trails, and reconstruct complex security incidents from fragmented data
• Commitment to proactive learning and staying ahead of evolving threats by researching emerging attack techniques and sharing insights with the security team
• Solid technical foundation in security concepts and technologies, with hands-on experience using enterprise security tools including EDR, SIEM, and SOAR platforms
• Proficiency with threat intelligence frameworks such as MITRE ATT&CK and their application in assessing detection capabilities and coverage gaps
• Expertise in developing new threat detection use cases based on security telemetry analysis, environment baselining, actionable threat intelligence, and incident response findings
• Ability to identify detection coverage gaps across global infrastructure and collaborate with stakeholders to enhance visibility through improved logging and detection content
• Strong understanding of AWS cloud services and containerization technologies
• Experience with infrastructure as code tools such as Terraform

Responsibilities

• Serve as a primary security responder, leading the triage and investigation of complex security alerts as part of the Security Operations & Response team
• Participate in 24x7x365 on-call rotations, providing senior-level expertise and escalation support for security events, alerts, and incidents
• Lead technical response efforts as a core member of the Cybersecurity Incident Response Team during security incidents
• Engineer and maintain sophisticated detection logic across multiple data sources to identify persistent threats and anomalous behavior patterns
• Design and implement comprehensive detection coverage mapping, documenting capabilities and identifying blind spots in the threat landscape
• Develop and track key performance indicators, including metrics pertaining to detection effectiveness, false positive rates, mean time to detect, respond, and recover in collaboration with leadership
• Develop and maintain comprehensive incident response runbooks, standard operating procedures, and technical documentation to ensure consistent and effective response operations
• Mentor junior team members in security operations best practices, detection engineering techniques, and incident response methodologies
• Build automation workflows and orchestration playbooks that enhance detection engineering processes, threat hunting operations, and incident response procedures
• Conduct proactive threat hunting campaigns using hypothesis-driven methodologies to uncover hidden threats in corporate and production environments
• Continuously evaluate and optimize existing detection rules through threat modeling, ensuring coverage evolves with the changing attack landscape

Benefits

• Multiple health insurance options
• Flexible time off – take what you need
• Retirement savings program with company contribution
• Equity in a publicly-traded company
• Monthly stipend to support our remote work model
• Annual “development dollars” to support our people growth and development
• Family-forming benefits and up to 20 weeks of Parental Leave