Are you looking to join an innovative organization powering payments for the next generation of fintech and commerce innovators? Marqeta has built the world’s first open API issuer processor platform from scratch, powering prepaid, debit, and credit cards for the most recognizable names in financial technology, alternative lending, on-demand services and e-commerce. Marqeta has become the leader in payment innovation. Our company is comprised of a team of industry experts, a dynamic approach to working on challenging problems, and an open environment and culture that is focused on ideas and innovation.
Not only do we have an inspiring and innovative culture, but only Marqeta can offer you a chance to help redefine the payments industry. As a testament to the company we've collectively built, our world-class team voted Marqeta one of the Bay Area’s Best Places to Work.
Marqeta is proud of its Oakland roots and strives to build a team as diverse as the cities in which we operate. Underrepresented populations are encouraged to apply.
Marqeta is growing a fresh Application Security Team with the goal of significantly improving industry standards in Secure Application Development in the Payments space.
As a member of the Application Security Engineer (ASE) Team, you serve as a key contributor to Marqeta’s open payments platform. This role supports the safety and security of our customer’s payments, ensuring the growth of an innovative platform that provides direct access to a strong suite of Payment Card Issuer/Processor APIs. Our long term goal is the development of a strong Product Security Program that protects the global development and deployment of payment and virtual cards as well as mobile authorization.
Our ASEs define Security Engineering standards and practices around Secure Code, Continuous Delivery/Integration, Pre and Post Release S-SDLC, Verification/Validation models, Penetration Testing and innovative Security tooling designed around self-service and rich integration models.
You'll work closely with Marqeta’s Frontend and Backend Engineers, you'll contribute to critical design input for API development and service architectures, and you’ll assist the company in developing strong engineering practices in support of Product Security. Our goal is to both enhance the workflow of our engineers with security-centric tool sets and implement innovative methods of testing code in the pre-release phase.
The ideal candidate has a strong core skill set in two or more of the following areas - Automation, QE Testing, Security Engineering, REST API Design, and/or Strong Knowledge in Modern App Frameworks (esp ReactJS, Rails, or Tomcat). You’re knowledgeable and conversant in common vulnerabilities affecting modern web applications, familiar with modern cloud and datacenter based infrastructure, are looking to grow strong application security experience, and you intend to be an excellent communicator and collaborator. Our ASEs are particularly concerned with scaleable tooling strategies and strong process and practice management, which includes constant refinement in how we engage with our cross-functional team of engineers.
- Build Self Service Tools for QE, Frontend and Backend Engineers
- Assist with Definition, Implementation, and Maintenance of S-SDLC
- Lead Application Security Assessments and Design Reviews
- Execute Critical Validation/Verification Functions in Pre- and Post-Release
- Implement SAST, DAST and Coherent Dependency Vuln Management into the Build Pipeline
- Execute Greybox and Whitebox Application Security Assessments
- Execute and Support HTTP/S Service-Layer Pen-Testing
- Develop Security Training and Guidelines for Engineers
- Build and Enhance S/W Testing Strategies with Specialized End-to-End Clients, RSpec, Puppeteer and Selenium-Based Test Cases
- Lead Software Vulnerability Management and Risk Mitigation Practices
- Offer Guidance and Leadership in PCI Compliance
- Demonstrable and Practical Experience in an Development or Security Engineering Role
- You have a passion for Security and Engineering as a discipline
- You’re an excellent communicator
- You employ strong collaboration patterns and enjoy creating positive team dynamics
- You know how to own and support positive outcomes
- You remain constructive under pressure, with a flexible working style
- Functional Development Experience in Python, Go, JS, Ruby, or Java
- Functional Experience with Testing Frameworks and Modern Testing Paradigms (BDD, TDD, and similar)
- Strong Knowledge of OWASP and Common Software Vulnerabilities
- Solid Understanding of Secure Coding/Development Practices
- Experience with Production Build Pipeline and CI/CD stacks (Ex. Jenkins, Nexus, Drone CI)
- Demonstrable Experience with Python, Ruby, JS and/or Go Tool Development
- Strong Interest in Automation Practices
- Familiarity and Interest in Cloud Services and SAAS Platforms (AWS, GCP)
- Ability to Communicate Technical Details and Concepts Clearly
- Strong Capacity to Speak and Act with Candor and Empathy
Nice to Have
- Familiarity with Java and JVM based Application Stacks (e.g. Tomcat)
- Solid Knowledge of OAuth and SAML
- Strong Knowledge of HTTP/S Service Architectures
- Strong Knowledge of Transport Security, specifically TLS and CAs
- Be a member of an exceptional team - we’re growing and your career and opportunities with us will, too!
- Rich suite of benefit plans - Employee premiums paid 100%
- Generous Paid Time Off plan
- Market-leading fully paid Parental Leave
- Retirement savings - 401k plan with a Company match
- Meaningful Equity
- Bi-annual Hack Weeks to support and reward innovation
- Beautiful downtown Oakland office in a great location, with stunning views of Lake Merritt
- Conveniently located close to public transportation
- Open, transparent culture that includes weekly All Hands meetings, Lunch-and-Learns, all-company offsite, etc.
- Commuter and Parking monthly subsidy
- Access to corporate gym membership rates and other discounts and employee perks!
- Fully stocked kitchen, catered lunches twice a week, breakfast on Fridays, and more!