Staff Security Engineer - Identity

Vancouver, Canada

Marqeta

Transform your business with Marqeta's modern card issuing platform. Our open API platform allows businesses to instantly issue cards and process payments.


We’re seeking an experienced Staff Security Engineer with a strong passion for Identity and Access Management. In this role, you’ll have the opportunity to shape and implement cutting-edge identity management strategies to protect access to all systems of Marqeta.

Join us in building a secure and frictionless Identity and Access management program where you’ll play a crucial part in:

  • Building and growing the Identity Governance and Administration program
  • Implementing Privileged Access Management in a Cloud First environment
  • Architecting and designing a Certificate Lifecycle Management service 

The ideal candidate will have deep expertise across identity security disciplines along with good written and oral communication skills.

The Impact You’ll Have:

  • Develop and implement robust IAM strategies and architectures to meet the organization’s security, compliance, and operational needs.
  • Contribute to the design, implementation, and maintenance of the Identity Security program, including Identity Governance and Administration (IGA), Privileged Access Management (PAM), Access Management (AM), Secrets Management and Certificate Lifecycle Management.
  • Integrate IAM systems with cloud applications, SaaS and other IT services.
  • Automate provisioning, de-provisioning, and other role management processes.
  • Maintain systems for Single Sign-On (SSO), Multi-Factor Authentication (MFA), and password management
  • Develop and manage processes to ensure least-privilege and zero-trust access principles.
  • Collaborate with senior leadership to evaluate IAM best practices and recommend their adoption in enterprise security strategies.
  • Lead IAM-related projects, working closely with cross-functional teams such as Technology, DevOps, and Security
  • Mentor and provide technical guidance to junior engineers and team members
  • Streamline IAM processes through automation and advanced technologies.
  • Enforce IAM policies, standards, and controls to address IAM-related threats and vulnerabilities
  • Stay current with industry trends and emerging technologies to recommend enhancements.

Who You Are:

  • A minimum of 8 years related experience with a Bachelor’s degree; or 5 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience.
  • Proficiency in IAM tools (e.g., Okta, CyberArk, Ping Identity, SailPoint)
  • Strong knowledge of identity governance, RBAC, PAM, and cloud-based IAM solutions.
  • Knowledge of LDAP, Active Directory (AD), and cloud-based directories
  • Familiarity with compliance frameworks and standards (e.g., NIST, SOC 2, PCI DSS).
  • Exceptional problem-solving and project management skills.
  • Experience in automating, deploying, and supporting large-scale projects
  • Experience with cloud environments (e.g., AWS, Azure, GCP) and Infrastructure as Code (IaC) tools such as Terraform or CloudFormation.
  • Deep understanding of protocols such as SAML, OAuth, OpenID Connect, and Kerberos.
  • Strong communication and interpersonal skills to work effectively with stakeholders at all levels.
  • Proficiency with scripting or programming languages (e.g., PowerShell, Python) for automating IAM processes.
  • Work with developers, DevOps, and IT teams to integrate Identity tools into existing workflows
  • Troubleshoot access-related issues in a cloud environment and provide ongoing maintenance.

Nice to have

  • Relevant certifications such as CISSP, CISM, or IAM-specific credentials (e.g., CIAM/CAMS, CyberArk Certified, Okta Certified Consultant).
  • Experience with AWS technologies such as Lambda, S3, DynamoDB, RDS, Aurora, SNS, SQS, CloudTrail, CloudWatch, Code Pipeline, AWS Developer Tools, and IAM roles and permissions
  • Experience with DevOps tools and practices, including secrets management and CI/CD pipelines

Manager

  • Chetan Jha

Recruiter for this role

  • Kayla Osuna

Compensation and Benefits

Marqeta is a Flex First company which allows you to choose your best working environment, whether that be from home or at a company office. To support Flex First, we calibrate pay to a competitive value according to working location. 

When determining salaries, we consider several factors including, but not limited to, skills, prior experience, and work location. The new-hire base salary range for this position, reflected in CAD, is: 141,900 - 177,400.

We also believe in recognizing the contributions of our people. That's why we award annual bonuses to eligible employees, rewarding both individual performance and the success of the entire company.

Along with monetary compensation, Marqeta offers

  • Multiple health insurance options
  • Flexible time off – take what you need
  • Retirement savings program with company contribution
  • Equity in a publicly-traded company 
  • Monthly stipend to support our remote work model
  • Annual “development dollars” to support our people’s growth and development
  • Family-forming benefits and up to 20 weeks of Parental Leave

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰


Tags: Active Directory Automation AWS Azure CISM CISSP Cloud Compliance Cyberark DevOps DynamoDB GCP Governance IAM Kerberos Lambda NIST Okta OpenID PCI DSS PhD PowerShell Python S3 SaaS SailPoint SAML Scripting SNS SOC SOC 2 SQS SSO Terraform Vulnerabilities

Perks/benefits: Competitive pay Equity / stock options Flex hours Flex vacation Health care Home office stipend Parental leave

Region: North America
Country: Canada
