Senior Security Engineer - Cloud Identity

We’re seeking an experienced Senior Security Engineer with a strong passion for Identity and Access Management(IAM) and proven expertise in cloud-native environments, particularly AWS. In this role, you’ll help shape and implement modern identity strategies to secure access across all of Marqeta’s systems and services—100% cloud-based, with no data center footprint.

Join us in building a secure, scalable, and frictionless IAM program where you’ll play a crucial part in:

• Building and evolving our Identity Governance and Administration (IGA) capabilities.
• Implementing & Operating Privileged Access Management (PAM) in a cloud-first (AWS-focused) environment.
• Designing and architecting a Certificate Lifecycle Management solution that supports cloud-native workloads.
• Driving integration of IAM across AWS services, SaaS platforms, and developer/DevOps pipelines.
• Designing identity and access controls to protect AI/ML systems—ensuring secure access to training data, models, and inference APIs.

• Develop and lead implementation of robust IAM strategies aligned with cloud-native architecture and security principles.
• Expand and operationalize the IAM program across IGA, PAM, SSO, MFA, access management, secrets management, and certificate lifecycle.
• Automate identity provisioning, de-provisioning, and access reviews using AI tools and infrastructure-as-code.
• Design IAM integrations for AWS-native services (Lambda, EC2, S3, IAM, etc.), SaaS platforms, and third-party identity tools (e.g., Okta, CyberArk).
• Promote and enforce least privilege and zero-trust principles through scalable access controls and policy automation.
• Mentor junior engineers and serve as a technical lead for IAM-related projects.
• Collaborate with Security, DevOps, and Infrastructure teams to embed IAM controls across the engineering lifecycle.
• Stay ahead of emerging trends and continuously refine IAM strategy based on evolving cloud threats and compliance requirements.

• A minimum of 8 years related experience with a Bachelor’s degree; or 5 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience.
• Strong experience with IAM tools (e.g., Okta, CyberArk, Ping, SailPoint).
• Deep knowledge of IAM in cloud-native environments, especially AWS IAM, roles, policies, permissions boundaries, and federation.
• Proficiency in infrastructure-as-code (e.g., Terraform, CloudFormation).
• Familiarity with authentication and authorization protocols (SAML, OAuth2, OpenID Connect, Kerberos).
• Strong grasp of directory services like Active Directory, LDAP, and cloud-based alternatives.
• Hands-on skills in scripting (e.g., Python, PowerShell) to automate IAM operations.
• Solid understanding of compliance standards: NIST, SOC 2, PCI DSS, etc.
• Proven experience integrating IAM into CI/CD pipelines, secrets management, and DevOps workflows.
• Excellent communication skills and ability to influence and lead cross-functional teams.

• Relevant certifications such as CISSP, CISM, or IAM-specific credentials (e.g., CIAM/CAMS, CyberArk Certified, Okta Certified Consultant).
• Experience with AWS technologies such as Lambda, S3, DynamoDB, RDS, Aurora, SNS, SQS, CloudTrail, CloudWatch, Code Pipeline, AWS Developer Tools, and IAM roles and permissions
• Experience with DevOps tools and practices, including secrets management and CICD pipelines

• Sandeep Chotwani

• Kayla Osuna