Intern - Security Operations

As Marqeta’s Security Operations Intern, you will gain hands-on experience building and validating security operations capabilities for a publicly traded payments technology company. You’ll join the Security Operations and Response team within the Product and Infrastructure Security organization, where you’ll validate and formalize incident response procedures, develop SOAR-based runbook automations, and design tabletop exercises that test our operational readiness against real-world threat scenarios. This role is grounded in security operations fundamentals—procedure development, incident response methodology, and team coordination—with opportunities for exposure to detection engineering and automation workflows.

We work Flexible First. This role can be performed remotely anywhere within Ontario or British Columbia, Canada. We’d love for you to join us!

This will be a 12 week internship program, beginning on June 8th and running through August 28th, 2026.

This position is not for an existing vacancy.

• Validate and formalize incident response procedures aligned to Marqeta’s Cybersecurity Incident Response Plan (CIRP), ensuring documentation is accurate, current, and actionable for both human operators and AI-assisted workflows
• Develop SOAR runbook automations in Cortex XSOAR that operationalize validated procedures, translating human-readable response steps into repeatable, automated workflows
• Design and facilitate a series of tabletop exercises within the Security organization that test procedure effectiveness, team coordination, and escalation paths across security functions including Security Operations, Compliance/TPRM, and Identity
• Contribute to post-exercise improvement reports that drive measurable enhancements to Marqeta’s security posture and operational readiness
• Gain exposure to detection engineering and automation workflows, including opportunities to observe and contribute to the team’s detections-as-code pipeline and MITRE ATT&CK coverage mapping

• Currently pursuing a Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Systems, or a related field, with an expected graduation date between December 2025 and June 2027
• Foundational knowledge of security operations concepts including log analysis, intrusion detection, incident response lifecycles (NIST or similar), and common attack techniques
• Familiarity with at least one scripting or programming language (Python, Bash, or similar) and comfort working in Linux and cloud environments (AWS preferred)
• Strong written communication skills with the ability to translate technical processes into clear, structured documentation suitable for both operational use and executive audiences
• Interest in incident response methodology, security procedure development, and operational readiness—you care about how security teams actually execute under pressure
• A proactive, detail-oriented approach to problem-solving with the ability to work independently while knowing when to escalate or ask for guidance

• Relevant certifications or coursework such as CompTIA Security+, CySA+, BTL1, or GIAC certifications
• Experience with SOAR platforms (Cortex XSOAR, Tines, or similar), SIEM platforms, or EDR tools
• Prior internship, co-op, or project experience in a security operations center (SOC) or incident response context
• Understanding of or interest in the MITRE ATT&CK framework and how it applies to detection and response operations
• Exposure to compliance frameworks relevant to financial services such as PCI DSS
• Experience facilitating exercises, workshops, or structured reviews in any context

• Application Submission
• Recruiter Video Call
• Hiring Manager Video Call
• Final Round consisting of 1-2, 45-60 min calls
• Offer!

At this point, we hope you're feeling excited about the role. You're encouraged to apply even if your experience doesn't precisely match the job description. Your skills and passion will stand out—and set you apart—especially if your career has taken some extraordinary twists and turns. We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates, so again, don’t hesitate to apply — we’d love to hear from you.