Staff Security Engineer

Marqeta
Summary
Join Marqeta as a Staff Security Engineer and play a crucial role in building and growing its Identity Governance and Administration program. You will implement Privileged Access Management, architect a Certificate Lifecycle Management service, and develop robust IAM strategies. This position requires a minimum of 8 years of related experience and proficiency in IAM tools. The ideal candidate possesses strong problem-solving skills, experience with cloud environments, and excellent communication abilities. Marqeta offers a competitive salary, flexible work arrangements, annual bonuses, multiple health insurance options, flexible time off, a retirement savings program, equity, a monthly remote work stipend, and annual development dollars.
Requirements
- A minimum of 8 years related experience with a Bachelor’s degree; or 5 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience
- Proficiency in IAM tools (e.g., Okta, CyberArk, Ping Identity, SailPoint)
- Strong knowledge of identity governance, RBAC, PAM, and cloud-based IAM solutions
- Knowledge of LDAP, Active Directory (AD), and cloud-based directories
- Familiarity with compliance frameworks and standards (e.g., NIST, SOC 2, PCI DSS)
- Exceptional problem-solving and project management skills
- Experience in automating, deploying, and supporting large-scale projects
- Experience with cloud environments (e.g., AWS, Azure, GCP) and Infrastructure as Code (IaC) tools such as Terraform or CloudFormation
- Deep understanding of protocols such as SAML, OAuth, OpenID Connect, and Kerberos
- Strong communication and interpersonal skills to work effectively with stakeholders at all levels
- Proficiency with scripting or programming languages (e.g., PowerShell, Python) for automating IAM processes
Responsibilities
- Develop and implement robust IAM strategies and architectures to meet the organization’s security, compliance, and operational needs
- Contribute to the design, implementation, and maintenance of the Identity Security program, including Identity Governance and Administration (IGA), Privileged Access Management (PAM), Access Management (AM), Secrets Management and Certificate Lifecycle Management
- Integrate IAM systems with cloud applications, SaaS and other IT services
- Automate provisioning, de-provisioning, and other role management processes
- Maintain systems for Single Sign-On (SSO), Multi-Factor Authentication (MFA), and password management
- Develop and manage processes to ensure least-privilege and zero-trust access principles
- Collaborate with senior leadership to evaluate and recommend IAM best practices for incorporation into enterprise security strategies
- Lead IAM-related projects, working closely with cross-functional teams such as Technology, DevOps, and Security
- Mentor and provide technical guidance to junior engineers and team members
- Streamline IAM processes through automation and advanced technologies
- Enforce IAM policies, standards, and controls to address IAM-related threats and vulnerabilities
- Stay current with industry trends and emerging technologies to recommend enhancements
- Work with developers, DevOps, and IT teams to integrate Identity tools into existing workflows
- Troubleshoot access-related issues in a cloud environment and provide ongoing maintenance
Preferred Qualifications
- Relevant certifications such as CISSP, CISM, or IAM-specific credentials (e.g., CIAM/CAMS, CyberArk Certified, Okta Certified Consultant)
- Experience with AWS technologies such as Lambda, S3, DynamoDB, RDS, Aurora, SNS, SQS, CloudTrail, CloudWatch, CodePipeline, AWS Developer Tools, and IAM roles and permissions
- Experience with DevOps tools and practices, including secrets management and CI/CD pipelines
Benefits
- Marqeta is a Flex First company which allows you to choose your best working environment, whether that be from home or at a company office
- Annual bonuses to eligible employees, rewarding both individual performance and the success of the entire company
- Multiple health insurance options
- Flexible time off – take what you need
- Retirement savings program with company contribution
- Equity in a publicly-traded company
- Monthly stipend to support our remote work model
- Annual “development dollars” to support our people’s growth and development
- Family-forming benefits and up to 20 weeks of Parental Leave