
- Seniority
- Senior
About the role
<p>We’re seeking an experienced Senior Security Engineer with a strong passion for <strong>Identity and Access Management (IAM)</strong> and proven expertise in <strong>cloud-native environments</strong>, particularly <strong>AWS</strong>. In this role, you’ll help shape and implement modern identity strategies to secure access across all of Marqeta’s systems and services, which are 100% cloud-based with no data center footprint.</p>
<p>Join us in building a secure, scalable, and frictionless IAM program where you’ll play a crucial part in:</p>
<ul>
<li>Building and evolving our Identity Governance and Administration (IGA) capabilities.</li>
<li>Implementing and operating Privileged Access Management (PAM) in a cloud-first (AWS-focused) environment.</li>
<li>Designing and architecting a Certificate Lifecycle Management solution that supports cloud-native workloads.</li>
<li>Driving integration of IAM across AWS services, SaaS platforms, and developer/DevOps pipelines.</li>
<li>Designing identity and access controls to protect AI/ML systems—ensuring secure access to training data, models, and inference APIs.</li>
</ul>
<p><strong>The Impact You’ll Have</strong></p>
<ul>
<li>Develop and lead implementation of robust IAM strategies aligned with cloud-native architecture and security principles.</li>
<li>Expand and operationalize the IAM program across IGA, PAM, SSO, MFA, access management, secrets management, and certificate lifecycle.</li>
<li>Automate identity provisioning, de-provisioning, and access reviews using AI tools and infrastructure-as-code.</li>
<li>Design IAM integrations for AWS-native services (Lambda, EC2, S3, IAM, etc.), SaaS platforms, and third-party identity tools (e.g., Okta, CyberArk).</li>
<li>Promote and enforce least privilege and zero-trust principles through scalable access controls and policy automation.</li>
<li>Mentor junior engineers and serve as a technical lead for IAM-related projects.</li>
<li>Collaborate with Security, DevOps, and Infrastructure teams to embed IAM controls across the engineering lifecycle.</li>
<li>Stay ahead of emerging trends and continuously refine IAM strategy based on evolving cloud threats and compliance requirements.</li>
</ul>
<p><strong>Who You Are</strong></p>
<ul>
<li>A minimum of 8 years related experience with a Bachelor’s degree; or 5 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience.</li>
<li>Strong experience with IAM tools (e.g., Okta, CyberArk, Ping, SailPoint).</li>
<li>Deep knowledge of IAM in cloud-native environments, especially AWS IAM, roles, policies, permissions boundaries, and federation.</li>
<li>Proficiency in infrastructure-as-code (e.g., Terraform, CloudFormation).</li>
<li>Familiarity with authentication and authorization protocols (SAML, OAuth2, OpenID Connect, Kerberos).</li>
<li>Strong grasp of directory services like Active Directory, LDAP, and cloud-based alternatives.</li>
<li>Hands-on skills in scripting (e.g., Python, PowerShell) to automate IAM operations.</li>
<li>Solid understanding of compliance standards: NIST, SOC 2, PCI DSS, etc.</li>
<li>Proven experience integrating IAM into CI/CD pipelines, secrets management, and DevOps workflows.</li>
<li>Excellent communication skills and ability to influence and lead cross-functional teams.</li>
</ul>
<p><strong>Nice to have</strong></p>
<ul>
<li>Relevant certifications such as CISSP, CISM, or IAM-specific credentials (e.g., CIAM/CAMS, CyberArk Certified, Okta Certified Consultant).</li>
<li>Experience with AWS technologies such as Lambda, S3, DynamoDB, RDS, Aurora, SNS, SQS, CloudTrail, CloudWatch, CodePipeline, AWS Developer Tools, and IAM roles and permissions.</li>
<li>Experience with DevOps tools and practices, including secrets management and CI/CD pipelines.</li>
</ul>
<p><strong>Manager</strong></p>
<ul>
<li><a href="mailto:schotwani@marqeta.com">Sandeep Chotwani</a></li>
</ul>
<p><strong>Recruiter for this role</strong></p>
<ul>
<li>Kayla Osuna</li>
</ul>
<p><strong>Compensation and Benefits</strong></p>
<p>Marqeta is a Flex First company which allows you to choose your best working environment, whether that be from home or at a company office. To support Flex First, we calibrate pay to a competitive value according to working location. </p>
<p>When determining salaries, we consider several factors including, but not limited to, skills, prior experience, and work location. The new-hire <strong>base salary</strong> range for this position, reflected in CAD, is: 136,800 - 171,000</p>
<p>We also believe in recognizing the contributions of our people. That's why we award annual bonuses to eligible employees, rewarding both individual performance and the success of the entire company.</p>
<p>Along with monetary compensation, Marqeta offers:</p>
<ul>
<li>Multiple health insurance options</li>
<li>Flexible vacation time</li>
<li>Retirement savings program with company contribution</li>
<li>Equity in a publicly-traded company </li>
<li>Monthly stipend to support our remote work model</li>
<li>Annual “development dollars” to support our people’s growth and development</li>
<li>Family-forming benefits and up to 20 weeks of Parental Leave</li>
</ul>
Perks & benefits
- Medical Insurance
- Unlimited Vacation
- Equity Compensation