Marqeta is hiring a
Staff Adversarial Engineer, Remote - United States

Summary

Marqeta is looking for a Staff Adversarial Engineer with at least 5+ years of experience to lead penetration tests, conduct security architecture reviews, and implement strategies for enhanced shift-left security within the SSDLC. The role can be performed remotely or from their Oakland office.

Requirements

• You have at least 5+ years of experience as an engineer with a Bachelor’s degree; or 3 years of experience with an advanced degree. Instead of a degree, 8+ years of relevant experience may suffice
• Experience in Red/Blue teaming teaming activities and automation
• Prior experience managing security tooling infrastructure and configuration
• Industry standard certifications like OSCP/OSCE/CEH, CISSP, CWAD
• Experience or knowledge about Payments or Financial Services and associated compliance requirements
• Understanding of cloud computing architecture
• Demonstrated experience creating positive team and cross-team dynamics
• Strong analytical and problem-solving skills that enable navigation of complexity, uncertainty, risks and issues
• Expert-level knowledge in threat modeling methodologies such as STRIDE or PASTA and their applied use in fast-moving, iterative development lifecycles
• Experience in working with static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) security tools
• Knowledge of cloud native technologies including containers, Kubernetes, and services provided by AWS, GCP, and Azure
• Knowledge of OWASP ASVS, SCVS, and related verification standards

Responsibilities

• Initiate and lead all phases of penetration tests and red team activities, including Scoping, Planning, Communications, and Execution of key activities (Reconnaissance, Vulnerability identification, Exploitation, and Reporting)
• Conduct penetration tests across Web applications, APIs, Mobile applications, infrastructure, cloud environments, and devices
• Conduct red team engagements across complex environments (including operational technologies)
• Experience in Supply Chain Security Risks identification and management
• Liaison compliance driven web application penetration tests with external vendors
• Triage vulnerability reports submitted to our Bug Bounty program – includes tracking and responding to submissions, coordinating with teams to triage and resolve issues, and providing feedback to security researchers
• Engagement with Core Engineering leads to ensure timely risk remediation
• Work closely with development teams to design and implement strategies for enhanced shift-left security within the SSDLC
• Take a role in the definition of relevant product security architecture strategies, roadmaps, policies, standards, and procedures
• Maintain and update relevant solutions and tooling to support new business requirements while ensuring a consistent, compliant, and central service delivery
• Document operational procedures (such as those for deployments, breakglass plans etc.) as well as current state architecture and configurations
• Provide on-call rotation support to relevant services and tooling

Preferred Qualifications

• Experience with Java, Go, Rust, Python, C, C++, or Ruby
• Experience with AWS cloud services, containerization technologies such as Kubernetes, and IaaC tooling such as Terraform or Helm
• Knowledge of Agile methodologies

Benefits

• The role can be performed remotely or from their Oakland office
• Marqeta is proud to be an equal opportunity employer that gives consideration to all qualified applicants regardless of race, ancestry, national origin, color, Indigenous, citizenship, religion/creed, sex, sexual orientation, gender identity, gender expression marital status, family status, disability, veteran status, criminal histories consistent with legal requirements, or any other characteristic protected by applicable law