Staff Security Engineer - EU / UK

Marqeta, Inc.

Job Overview

Location

Job Type

Full-time

Full Job Description

📋 Description

• As a Staff Security Engineer based in the UK, you will be a pivotal technical leader within Marqeta's Security Operations and Response Team, playing a critical role in safeguarding our rapidly growing global platform.
• This senior position demands a proactive and expert approach to cybersecurity, with a primary focus on leading and maturing our incident response program. You will be instrumental in ensuring Marqeta is prepared for, can effectively detect, contain, eradicate, recover from, and learn from security incidents.
• Your responsibilities will include the day-to-day monitoring of Marqeta's extensive environment for potential cyber threats, meticulously analyzing security alerts, triaging them, and executing appropriate and timely response actions to mitigate risks.
• You will serve as the Incident Commander during security events, regardless of their severity. This involves taking charge, directing investigation strategies, coordinating complex cross-functional response efforts, and making critical decisions under pressure to minimize impact.
• A core aspect of your role will be to deliver services aligned with the NIST Incident Response Lifecycle. This means establishing and refining processes for preparation, detection, containment, eradication, recovery, and post-incident analysis, ensuring a robust and repeatable framework.
• You will be responsible for maintaining and updating the Cybersecurity Incident Response Plan (CIRP), ensuring it remains current, effective, and compliant with relevant government and law enforcement reporting requirements, working closely with the CISO.
• To ensure consistency and efficiency, you will document and maintain comprehensive Security Operations processes, detailed procedures, playbooks, and runbooks, enabling the team to respond effectively and uniformly to various security scenarios.
• This role requires participation in a 24x7 on-call rotation, providing expert-level guidance during critical security incidents and leading thorough post-incident reviews to identify root causes and implement preventative measures.
• You will proactively engage with threat intelligence sources, developing and leading hypothesis-driven threat hunting initiatives. This involves actively searching for and uncovering sophisticated threats within both our corporate and production environments.
• Collaboration is key. You will work closely with the Security Engineering team to fine-tune existing security solutions, enhance our detection capabilities, and leverage your business knowledge to improve the overall effectiveness of our security monitoring.
• A significant part of your contribution will involve designing, developing, and maintaining detection logic using a modern 'detections-as-code' approach. You will collaborate with Security Solution Engineering to deploy these detections seamlessly through CI/CD pipelines into our SIEM and EDR platforms.
• You will maintain and expand our detection coverage, mapping it meticulously to the MITRE ATT&CK framework. This includes identifying gaps in visibility and prioritizing the development of new detections based on emerging threat intelligence and Marqeta's specific business risks.
• You will act as a crucial liaison with external parties such as HR, law enforcement agencies, incident response retainers, and cyber insurers when necessary, including coordinating efforts for cyber-crime financial fraud use cases.
• A vital leadership component involves mentoring other security team members, sharing your expertise in incident response methodologies, and collaborating with senior leadership to clearly communicate security risks and provide strategic recommendations for improvement.
• You will partner closely with our Fraud, Compliance, and Risk teams to effectively manage security events that involve sensitive payment systems, cardholder data, or critical regulatory reporting obligations under PCI DSS and related frameworks.
• This role offers the opportunity to work remotely from anywhere in the UK, providing flexibility while contributing to a critical function within a leading fintech company.

🎯 Requirements

• 8+ years of hands-on experience in security operations, with deep, demonstrable expertise in incident response, digital forensics, and threat hunting.
• Proven experience serving as an incident commander, adept at managing response workflows and making critical decisions under pressure during security events of varying severity.
• Advanced knowledge of the NIST Incident Response Lifecycle and practical experience developing effective incident response documentation, procedures, and playbooks.
• Expert-level proficiency with a range of security monitoring and forensic tools, including Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR) systems.
• Experience developing and maintaining detections-as-code, including familiarity with version control systems (e.g., Git), CI/CD pipelines, and detection testing frameworks.
• Working knowledge of the MITRE ATT&CK framework and its application in assessing detection coverage, mapping threat actor Tactics, Techniques, and Procedures (TTPs), and prioritizing detection engineering efforts.
• Experience conducting thorough post-incident reviews and a proven ability to implement security improvements based on lessons learned.
• Strong understanding of current threat actor TTPs and the ability to apply threat intelligence effectively to enhance detection and response capabilities.
• Experience tuning security solutions and developing automation workflows to improve monitoring effectiveness and response efficiency.
• Advanced knowledge of AWS cloud services and best practices for securing cloud environments.
• Ability to effectively communicate complex technical information and security risks to both technical peers and executive stakeholders during high-stakes security incidents and investigations.
• Experience in payment processing, fintech, or other highly regulated environments is a significant advantage; familiarity with PCI DSS incident handling requirements is a plus.
• Proven ability to work independently, exercise sound judgment, and know when to engage team members or escalate issues.
• Strong mentorship abilities with a track record of developing junior security professionals in incident response techniques.

🏖️ Benefits

• Premium Private Medical and Dental coverage for you and your dependents.
• Generous time off program, including additional “Floating Holiday days” to ensure work-life balance.
• Comprehensive retirement savings program with a company contribution to help you plan for the future.
• Equity in a publicly-traded company and an Employee Stock Purchase Program (ESPP) to share in Marqeta's success.
• Monthly stipend to support your remote work setup and enhance your home office environment.
• Annual development stipend to invest in your professional growth and continuous learning.
• Family-forming benefits and up to 20 weeks of paid Parental Leave to support new parents.
• Access to comprehensive wellbeing programs, including Modern Health and HealthKick, offering a holistic approach to employee wellness.

Skills & Technologies

AWS

Senior

Remote

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Marqeta, Inc.

Visit Website

About Marqeta, Inc.

Marqeta provides an open-API card issuing and payment processing platform that enables businesses to create, deploy, and manage virtual, physical, and tokenized payment cards. Its cloud-native infrastructure offers real-time authorization, just-in-time funding, spend controls, and data insights, supporting use cases such as on-demand delivery, expense management, and consumer fintech products. Clients embed financial services without legacy banking integrations, accelerating time to market while maintaining compliance and security standards.

View Company Profile