Staff Security Engineer
Marqeta
Summary
Join Marqeta as a Staff Security Engineer and play a crucial role in shaping and implementing cutting-edge security strategies. You will lead initiatives in cloud data security, encryption and key management, and PKI & certificate management. This remote-first role offers the flexibility to work from anywhere in the U.S. or from our Oakland office. Responsibilities include developing data security architecture, defining encryption standards, collaborating with cross-functional teams, and ensuring compliance with security standards. The ideal candidate possesses extensive experience in data security, encryption, key management, and cloud computing, along with strong collaboration and problem-solving skills. Marqeta offers a competitive salary, comprehensive benefits, and opportunities for professional development.
Requirements
- A minimum of 8 years related experience with a Bachelor’s degree; or 5 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience
- 5+ years of professional experience within data security including encryption, tokenization, PKI implementation and key management
- 4+ years of in-depth experience working with payment and/or general-purpose HSMs, cloud KMSs
- 4+ years of practical experience in encryption algorithms (e.g., AES, RSA), protocols (e.g., TLS/SSL), key management, secrets management
- 3+ years with cloud computing architectures and Infrastructure as Code (e.g., Terraform)
- 2+ years working experience with security regulatory/compliance requirements including PCI, NIST and GDPR
- 2+ years of experience with data security, classification and posture management tooling
- Strong collaboration and communication skills, with the ability to influence cross-functional teams and stakeholders
- Problem-solving skills to navigate complexity and security risks with confidence and flexibility
Responsibilities
- Lead the development of enterprise-level data security architecture and strategies
- Define encryption and secrets management standards, ensuring alignment with product development and enterprise needs
- Collaborate closely with security, technology, and privacy teams to implement and maintain data classification, encryption, and key management standards
- Deploy, configure, and manage cloud-based Key Management Services (KMS) and Hardware Security Modules (HSMs)
- Participate in Proof of Concept (POC) testing and demonstrations for new cryptographic products and services
- Serve as a key custodian, overseeing the full lifecycle of sensitive key material, including governance and security controls
- Maintain and update data security tooling such as Data Security Posture Management (DSPM) and Data Loss Prevention (DLP) solutions
- Ensure systems remain compliant with evolving security standards like PCI-DSS and FIPS 140-2 & 140-3
- Provide operational support, including on-call rotation, and document critical procedures such as key lifecycle management and disaster recovery plans
- Research emerging security standards and advise on their integration into our strategies
Preferred Qualifications
- Experience with Thales payShield HSM, AWS KMS and AWS Secrets Manager
- Coding experience and working knowledge of Google Tink, PKCS11, JCE, OpenSSL and other crypto libraries
- Familiarity with Kubernetes, cloud platforms, and IaC tools like Terraform
- Experience with AWS Payment Cryptography would be a major plus
- CISSP, CCSP, CISA or other appropriate certifications are a plus
Benefits
- Multiple health insurance options
- Flexible time off – take what you need
- Retirement savings program with company contribution and after-tax contributions
- Equity in a publicly-traded company and an Employee Stock Purchase Program
- Family-forming benefits, fertility support, and up to 20 weeks of Parental Leave
- Free therapy sessions, financial and professional coaching, and legal advice
- Monthly stipend to support our remote work model
- Annual “development dollars” to support our people growth and development
- Marqeta is a Flex First company which allows you to choose your best working environment, whether that be from home or at a company office