We’re seeking an experienced Senior Security Engineer with a strong passion for Identity and Access Management (IAM) and proven expertise in cloud-native environments, particularly AWS. In this role, you’ll help shape and implement modern identity strategies to secure access across all of Marqeta’s systems and services—100% cloud-based, with no data center footprint.
Join us in building a secure, scalable, and frictionless IAM program where you’ll play a crucial part in:
- Building and evolving our Identity Governance and Administration (IGA) capabilities.
- Implementing & Operating Privileged Access Management (PAM) in a cloud-first (AWS-focused) environment.
- Designing and architecting a Certificate Lifecycle Management solution that supports cloud-native workloads.
- Driving integration of IAM across AWS services, SaaS platforms, and developer/DevOps pipelines.
- Designing identity and access controls to protect AI/ML systems—ensuring secure access to training data, models, and inference APIs.
The Impact You’ll Have
- Develop and lead implementation of robust IAM strategies aligned with cloud-native architecture and security principles.
- Expand and operationalize the IAM program across IGA, PAM, SSO, MFA, access management, secrets management, and certificate lifecycle.
- Automate identity provisioning, de-provisioning, and access reviews using AI tools and infrastructure-as-code.
- Design IAM integrations for AWS-native services (Lambda, EC2, S3, IAM, etc.), SaaS platforms, and third-party identity tools (e.g., Okta, CyberArk).
- Promote and enforce least privilege and zero-trust principles through scalable access controls and policy automation.
- Mentor junior engineers and serve as a technical lead for IAM-related projects.
- Collaborate with Security, DevOps, and Infrastructure teams to embed IAM controls across the engineering lifecycle.
- Stay ahead of emerging trends and continuously refine IAM strategy based on evolving cloud threats and compliance requirements.
Who You Are
- A minimum of 8 years related experience with a Bachelor’s degree; or 5 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience.
- Strong experience with IAM tools (e.g., Okta, CyberArk, Ping, SailPoint).
- Deep knowledge of IAM in cloud-native environments, especially AWS IAM, roles, policies, permissions boundaries, and federation.
- Proficiency in infrastructure-as-code (e.g., Terraform, CloudFormation).
- Familiarity with authentication and authorization protocols (SAML, OAuth2, OpenID Connect, Kerberos).
- Strong grasp of directory services like Active Directory, LDAP, and cloud-based alternatives.
- Hands-on skills in scripting (e.g., Python, PowerShell) to automate IAM operations.
- Solid understanding of compliance