Company

Open Positions

Be a part of the modern card issuing revolution

Security Engineering
United States
Marqeta on the Forbes Fintech 50

Lead Product Security Engineer

Marqeta powers innovative payment solutions for many of the apps and services you enjoy daily. Our open API provides unprecedented flexibility and control for industry-leading companies such as Uber, Coinbase, J.P.Morgan, and Block, to manage payment operations in real-time. 

Our team is a mix of industry experts and technology innovators who take a dynamic approach to solving challenging problems. Marqeta was named a 2022 Glassdoor Best Place to Work, highlighting our company culture and collaborative work environment. We are building a global team as diverse as the markets we serve and we’d love it if you joined us on our mission to change the way money moves. 

We’re a remote-first company. You have the choice to work from wherever you’re happiest and most productive, whether that’s from home, a co-working space, or one of our four global offices, depending on your location. It’s uncommon for candidates to match all job requirements, but if you’re not far off, we want to hear from you.

Marqeta is growing a Security Engineering team with the goal of setting a new industry standard for security in the payments space. In this role, you will support secure product development for the world’s first modern card issuing platform. 

Marqeta’s Product Security team seeks engineers with expertise in Application Security OR whom have a strong interest in Application Security with domain expertise in core Software Engineering, to support our Product team's capacity to deliver secure products and services.

You will use your domain expertise in software development and vulnerability remediation strategies to help Marqeta’s Engineering org develop industry compliant services, implement security tooling within modern CICD pipelines, develop and deploy secure containerized (ECS, K8s) microservices, and define minimum viable secure products (MVSPs) within a highly regulated space. This role may also support training and security awareness initiatives, with an emphasis on developing healthy partnerships with engineering leadership. The right candidate for this role either is excited to develop a skillset applying modern App Sec and Prod Sec standards into tangible deliverables, or has the background and hands-on experience to do so out of the gate.

As a Lead Prod Sec Engineer, you are responsible for secure by design initiatives in product, threat model validation, coordinating security reviews, and shepherding teams to adopt and implement application security tooling. Marqeta’s Prod Sec Engineers have strong influence within the Product Engineering org, and knowledgeable individuals who can communicate with empathy and act with practicality will do especially well in this role.

Why are we so excited about this new role? Because security is central to our mission “to be the global standard for modern card issuing, empowering builders to bring the most innovative products to the world.” Also, we’re passionate about creating a culture of belonging and inclusion - this includes welcoming a variety of backgrounds, levels and career stages. The requirements listed in our Prod Security Engineer job descriptions are guidelines, not hard and fast rules. If this job intrigues you, but you think you might not meet all of the qualifications, please apply anyway!

Come work alongside a strong and strategically expanding security team and enjoy opportunities to apply your knowledge in new ways.

What you'll do

  • Build scalable platform services and libraries

  • Champion security across engineering

  • Develop custom SAST tooling/rules and improve defect detection

  • Track and Manage metrics for Prod Security adoption

  • Develop new patterns for Threat Modeling and Security Reviews

  • Focus on “Shift-Left” initiatives, supporting Marqeta’s Product Engineers

What we're looking for

  • Hands on development in Python, GoLang, Java and/or NodeJS
  • Experience with IaaC tooling incl but not limited to Terraform or Helm
  • Knowledge of AWS Fundamentals
  • Experience coordinating Security initiatives in cross-functional settings
  • Background in Application Security, including experience with SAST, DAST, and SCA
  • Experience with Software Engineering Development Workflows, including flavors of CI/CD
  • Ability to map a path forward and drive a project to completion
  • Experience with Developing close partnerships with Product Engineers
  • Solid grasp of full-stack engineering: front-end/backend, API and service architecture design, web infrastructure and distributed systems
  • Excellent communication and collaboration skills
  • Employ strong collaboration patterns and enjoy creating positive cross-team dynamics
  • Understand ownership and support positive outcomes
  • Remain constructive under pressure, with a flexible working style

Nice to have

  • Experience building reliable, scaleable software - preferably with SaaS systems
  • Experience deploying Golang and Java services at scale
  • Knowledge of Identity and Access Management best practices and protocols, such as OAuth, OpenID Connect, SAML, MFA, and SCIM
  • Firm understanding of OWASP Top 10, Application Security tooling, and Content Security Policies
  • Experience in Payments or Financial Services

Benefits and Perks

  • Flexible time off – take what you need
  • Retirement savings program with company contribution
  • Employee insurance premiums paid 100% + coverage for dependents and pets
  • Family forming benefits including fertility support and up to 20 weeks Parental Leave
  • Free therapy sessions, financial coaching, and a Wellness stipend
  • Monthly stipend to support our hybrid work model 
  • Equity in a publicly-traded company
  • Bi-annual “Hack Week” to support and reward innovation

Learn more about Marqeta on our Website, Twitter and LinkedIn.

As part of our dedication to the diversity of our workforce, Marqeta is committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant on any legally-recognized protected basis under federal, state or local laws, regulations or ordinances.

Our Applicant and Candidate Privacy Notice applies to the personal data that you directly provide to us or that we collect during the application and candidate recruitment process.

#LI-Remote