Staff Security Engineer



United States · Remote
Posted on Tuesday, November 7, 2023

Marqeta is on a mission to change the way money moves. We’re one of the earliest enablers of embedded finance, a market opportunity sized up in the trillions. Our card issuing platform provides unprecedented flexibility and control for companies to issue cards, authorize transactions, and manage payment operations in real time. Marqeta is powering the most well known brands in the new economy (Block, Cash App, Affirm, Instacart, Doordash, Uber, Walmart, etc). Today nearly 8 out of 10 Americans use a product powered by Marqeta every week. This is the opportunity of a lifetime to work with innovators around the world and unlock equitable financial access for all.

We are looking for a Staff Security Engineer with a passion for Data Security and a deep expertise in Encryption. The ideal candidate will be excited about an opportunity to heavily contribute to design architectural strategies and engineer solutions that enable 1) data identification, classification and monitoring, 2) key management, and 3) encryption and decryption.

We work Flexible First. This role can be performed remotely anywhere within the United States or from our Oakland office. We’d love for you to join us!

What You’ll Do

  • Take a leading role in the definition of relevant enterprise security architecture strategies
  • Define encryption and secrets management standards for the enterprise to include Marqeta’s products
  • Partner with security and technology teams to ensure adherence to and enablement of encryption and secrets management standard through effective engagement models and security solutions
  • Partner with security and privacy teams to align on data classification and handling standard and enable the standard via architectural strategies
  • Deploy, configure/tune, monitor (health, performance, stability) and maintain:
    • Key management systems (KMSs)
    • Hardware security modules (HSMs)
    • Data security tooling (identification, classification and monitoring)
  • Serve as the primary custodian and provide end-to-end lifecycle management, governance and security of sensitive crucial material
  • Maintain and update relevant solutions and tooling to support new business requirements while ensuring a consistent, compliant, and central service delivery
  • Support product and technology teams in centralizing storage of sensitive key material
  • Provide on-call rotation support to relevant services and tooling
  • Document operational procedures (such as those for deployments, breakglass plans, key lifecycle management, etc.) as well as current state architecture and configurations
  • Research future computer security standards such as Payment Card Industry Data Security Standard (PCI DSS), Federal Information Processing Standard 140-3 (FIPS 140-3), Cryptographic Module Validation Program (CMVP), Common Criteria (ISO/IEC 15408) for incorporation into strategies
  • Provide subject matter expertise to project teams and other audiences as needed

What We’re Looking For

  • You have at least 5+ years of experience as an engineer with a Bachelor’s degree, or 2 years of experience with an advanced degree. Instead of a degree, 8+ years of relevant experience may suffice.
  • Experience in Payments or Financial Services specific to key management
  • Experience with Payment Card Industry Data Security Standard (PCI DSS), Federal Information Processing Standard 140-3 (FIPS 140-3), Cryptographic Module Validation Program (CMVP), Common Criteria (ISO/IEC 15408) compliance requirements and implementation
  • Deep expertise with HSM, KMS, and cloud-based KMS
  • Proven experience across management lifecycle (key generation, storage, distribution, backup, rotation, revocation, destruction, etc.)
  • Experience with encryption protocols (TLS, SSL, KMIP), secrets management, certificate management, certification authorities, registration authorities, root certification authorities, and PKI
  • Understanding of cloud computing architecture
  • Demonstrated experience creating positive team and cross-team dynamics
  • Strong analytical and problem-solving skills that enable navigation of complexity, uncertainty, risks and issues
  • Ability to work independently and with a team under minimum supervision
  • Proven ability to apply technical concepts to solve complex business challenges
  • Ability to network with key stakeholders across multiple teams to influence outcomes through well-articulated thoughts, strong presentation skills, and pragmatic solutions
  • Understand ownership and support positive outcomes
  • Remain constructive under pressure with a flexible working style


  • Previous experience with Thales, Cloud-based KMS offerings (such as those from AWS, IBM, and Azure), Hashicorp Vault, AWS Secrets Manager, and DigiCert
  • Experience with Java, Go, Rust, Python, C, C++, or Ruby
  • Experience with AWS cloud services, containerization technologies such as Kubernetes, and IaaC tooling such as Terraform or Helm

Your Manager

Recruiter For This Role

Compensation and Benefits

Marqeta is a Flex First company which allows you to choose your best working environment, whether that be from home or at a company office. To support Flex First, we calibrate pay to a competitive value according to working location. Compensation is aligned according to three tiers within the United States:

  • National: A baseline tier that applies to most of the geographic territory of the United States.
  • Premium: Slightly elevated from the National tier, and oriented toward a narrower set of higher cost-of-living areas, such as Los Angeles CA and Seattle WA
  • Premium Plus: A tier for the most expensive working areas, like the San Francisco Bay area and New York City.

Visit this page or consult with a Recruiter to determine which tier would be applicable to you.

When determining salaries, we consider several factors including, but not limited to, skills, prior experience, and work location. The new-hire base salary range for this position is:

  • National: $121,950 - $162,600
  • Premium: $137,250 - $183,000
  • Premium Plus: $152,475 - $203,300

We also believe in recognizing the contributions of our people. That's why we award annual bonuses to eligible employees, rewarding both individual performance and the success of the entire company.

Along with monetary compensation, Marqeta offers

  • Multiple health insurance options
  • Flexible time off – take what you need
  • Retirement savings program with company contribution
  • Equity in a publicly-traded company and an Employee Stock Purchase Program
  • Family-forming benefits, fertility support, and up to 20 weeks of Parental Leave
  • Free therapy sessions, financial and professional coaching, and legal advice
  • Monthly stipend to support our remote work model
  • Annual “development dollars” to support our people growth and development

Equal Opportunity, Accommodations, and Privacy

Marqeta is proud to be an equal opportunity employer that gives consideration to all qualified applicants, irrespective of any characteristics protected by law. This includes (but is not limited to) race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, color, ancestry, and Veteran status. We consider qualified applicants from all backgrounds, without regard to criminal histories, in accordance with applicable legal requirements.

Our dedication to diversity and inclusion extends beyond the categories above. Review Marqeta’s ESG Report to see that dedication in action. Fostering an environment where everyone feels valued and respected creates a stronger and more innovative team at Marqeta. We celebrate the unique contributions of each individual and empower all members of our organization. Join us in building a company where diversity thrives and everyone can be their authentic selves.

If you require reasonable accommodation for the application process and beyond, please submit this form and we will be more than happy to assist you. Marqeta will make reasonable accommodations for candidates when needed in accordance with applicable law. The Applicant and Candidate Privacy Notice applies to the personal data that you directly provide to us or that we collect during the application and candidate recruitment process.