Staff Adversarial Engineer

Marqeta is on a mission to change the way money moves. We’re one of the earliest enablers of embedded finance, a market opportunity sized up in the trillions. Our card issuing platform provides unprecedented flexibility and control for companies to issue cards, authorize transactions, and manage payment operations in real time. Marqeta is powering the most well known brands in the new economy (Block, Cash App, Affirm, Instacart, Doordash, Uber, Walmart, etc). Today nearly 8 out of 10 Americans use a product powered by Marqeta every week. This is the opportunity of a lifetime to work with innovators around the world and unlock equitable financial access for all.

We are looking for a Staff Adversarial Engineer with a passion for Product Security and a deep expertise in Penetration Testing. The ideal candidate will be excited about an opportunity to heavily contribute to the penetration testing, security architecture reviews and security best practices in cloud

We work Flexible First. This role can be performed remotely anywhere within the United States or from our Oakland office. We’d love for you to join us!

What You’ll Do

• Initiate and lead all phases of penetration tests and red team activities, including Scoping, Planning, Communications, and Execution of key activities (Reconnaissance, Vulnerability identification, Exploitation, and Reporting)
• Conduct penetration tests across Web applications, APIs, Mobile applications, infrastructure, cloud environments, and devices
• Conduct red team engagements across complex environments (including operational technologies)
• Experience in Supply Chain Security Risks identification and management
• Liaison compliance driven web application penetration tests with external vendors
• Triage vulnerability reports submitted to our Bug Bounty program – includes tracking and responding to submissions, coordinating with teams to triage and resolve issues, and providing feedback to security researchers
• Engagement with Core Engineering leads to ensure timely risk remediation
• Work closely with development teams to design and implement strategies for enhanced shift-left security within the SSDLC
• Take a role in the definition of relevant product security architecture strategies, roadmaps, policies, standards, and procedures
• Maintain and update relevant solutions and tooling to support new business requirements while ensuring a consistent, compliant, and central service delivery
• Document operational procedures (such as those for deployments, breakglass plans etc.) as well as current state architecture and configurations
• Provide on-call rotation support to relevant services and tooling
• Provide subject matter expertise to …