Sr. Infrastructure Security Engineer
Oakland, CA

Job Description

Named as a Forbes Fintech 50 in 2019, Marqeta powers modern payment solutions for companies innovating new services and process flows in a digital world. Our platform, open API, and advanced analytics provide unprecedented control for companies to issue cards, authorize transactions and manage payment operations in real-time.

We are a team of industry experts and technology innovators who take a dynamic approach to solving challenging problems. We power possibilities for our customers by bringing the best talent together in an open and collaborative work environment that rewards creativity and perseverance.

Marqeta is proud of its Oakland roots and strives to build a global team as diverse as the markets we serve, staying true to our values to Connect the Customer, Find a Way, Make Simple, Take Risk and Build One Marqeta. We are not expecting any single candidate to meet all job requirements listed below, so please apply. It's an exciting time to join Marqeta. As we grow, your career and opportunities will grow as well.

Position Summary

Marqeta is growing a fresh new Infrastructure Security Team with the goal of significantly improving industry standards in Secure Platform and Secure Service Delivery in the Payments space.

As a member of Marqeta's Infrastructure Security Team, you're responsible for design, development and implementation of our core platform and network security controls. Your work protects our most critical environments, as well as meets or exceeds the various regulatory compliance standards required in the Payments Industry. This role interfaces directly with Marqeta's Platform Engineering, SRE, and Network Engineering teams, and is vital to Marqeta's Product Security Program.

The Sr Infra Sec role supports build and deployment operations and produces reference implementations for secure services and architectures in AWS. You'll develop new strategies for authorization and access control frameworks, assist Platform and Infrastructure Eng with coherent process around change control, you'll define secure deployment standards, and you'll verify and validate internal DevOps practices, toolsets and artifacts.

The ideal candidate for this role has a strong desire to lead the organization in well considered Security Engineering methodologies, is seasoned in either AWS or GCP cloud-based services, has a strong passion for DevOps/SecDevOps/DevSecOps driven patterns, and an excellent ability to communicate across roles, teams and disciplines. You enjoy platform engineering work, and you're passionate about implementing new security patterns.

Marqeta is remote work positive and this role is offered in the scope of a distributed remote team.

Primary Responsibilities

* Build Self Service Tools for Infrastructure, Platform, and SRE Engineers
* Maintain Security Controls in Platform and Infrastructure Services
* Implement and Support End-to-End Transport Security and Proxy Layer Services
* Lead Infrastructure and Platform Design Reviews
* Implement and Maintain Security Patterns in Pre-Release and Post-Release Deployment
* Triage, Respond to and Investigate Security Incidents affecting Platform and Infra Services
* Implement and Maintain Platform and Infrastructure Threat Monitoring and Detection Tools
* Manage and Deploy Services for Security Team
* Mentor Marqeta App Sec, Infra, Platform and SRE Engineers
* Support Quarterly PCI Efforts

Requirements

* 3-5 years Demonstrable and Practical Experience in Systems and Infrastructure Engineering or Comparable Experience in a DevOps Role
* You pride yourself in a holistic approach to your work
* You have a sincere passion for Security Engineering as a discipline
* You're an excellent communicator
* You employ strong collaboration patterns and enjoy creating positive team dynamics
* You know how to own and support positive outcomes
* You remain constructive under pressure, with a flexible working style
* You have solid experience and consistency with remote work and engaging distributed teams
* Demonstrated experience in some combination of the following disciplines: incident response, detection tooling, vulnerability management, security operations, cloud security, infrastructure security, network security, security tools development
* Experience selecting and implementing tools for SIEM, IDS and vulnerability scanning
* Experience with automating new and existing processes and tools
* Experience with AWS, Java, Python, Ruby, and other modern open source languages and tools

Technical Skills

* Functional Development Experience and Proficiency in Python, Go or Ruby
* Functional Experience with Ansible, Terraform and Packer
* Experience with AWS Architecture and Service Deployment
* Experience with Container Technology (Docker, ECS, Kubernetes/K8s)
* Familiarity with Java and JVM based Application Stacks (e.g. Tomcat)
* Strong Knowledge of TLS-based Service Architectures
* Strong Experience with Linux Platforms (CentOS/Ubuntu/Debian/etc)
* Experience with Secure Deployment Specification
* Experience with Production Build Pipelines and CI/CD stacks (Ex. Jenkins, Nexus, Drone CI)
* Strong Interest in Automation Practices

Bonus Points

* Experience in Payments or Financial Services
* Experience with Remote Work

Perks

* Rich suite of benefit plans; employee premiums paid 100%
* Generous Paid Time Off
* Full paid Parental Leave
* Pet insurance
* 401k plan with a Company match
* Competitive pay
* Meaningful equity
* Bi-annual "Hack Week" to support and reward innovation
* Monthly commuter and parking subsidy
* Open, transparent culture that includes All Hands meetings, Lunch-and-Learns, all-company offsites, etc.
* Access to corporate gym membership rates, other discounts and employee perks
* Fully stocked kitchen, catered lunches twice a week, breakfast on Fridays and more!

We are committed to an inclusive and diverse workplace. Marqeta is an equal opportunity employer. We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran status, genetic information, marital status or any other legally protected status.