security
Posted May 7Senior Security Engineer - Cloud Identity
at Marqeta
Toronto, CanadaOn-site
Responsibilities
- Building and evolving our Identity Governance and Administration (IGA) capabilities.
- Develop and lead implementation of robust IAM strategies aligned with cloud-native architecture and security principles.
- Expand and operationalize the IAM program across IGA, PAM, SSO, MFA, access management, secrets management, and certificate lifecycle.
- Automate identity provisioning, de-provisioning, and access reviews using AI tools and infrastructure-as-code.
- Design IAM integrations for AWS-native services (Lambda, EC2, S3, IAM, etc.), SaaS platforms, and third-party identity tools (e.g., Okta, CyberArk).
- Promote and enforce least privilege and zero-trust principles through scalable access controls and policy automation.
- Mentor junior engineers and serve as a technical lead for IAM-related projects.
- Collaborate with Security, DevOps, and Infrastructure teams to embed IAM controls across the engineering lifecycle.
Requirements
- We’re seeking an experienced Senior Security Engineer with a strong passion for Identity and Access Management(IAM) and proven expertise in cloud-native environments , particularly AWS .
- Implementing & Operating Privileged Access Management (PAM) in a cloud-first (AWS-focused) environment.
- Driving integration of IAM across AWS services, SaaS platforms, and developer/DevOps pipelines.
- Designing identity and access controls to protect AI/ML systems—ensuring secure access to training data, models, and inference APIs.
- experience with a Bachelor’s degree; or 5 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience. Strong
- experience with IAM tools (e.g., Okta, CyberArk, Ping, SailPoint).
- Deep knowledge of IAM in cloud-native environments, especially AWS IAM, roles, policies, permissions boundaries, and federation.
- Proficiency in infrastructure-as-code (e.g., Terraform, CloudFormation).
- Familiarity with authentication and authorization protocols (SAML, OAuth2, OpenID Connect, Kerberos).
- Strong grasp of directory services like Active Directory, LDAP, and cloud-based alternatives.
- Hands-on skills in scripting (e.g., Python, PowerShell) to automate IAM operations.
- Solid understanding of compliance standards: NIST, SOC 2, PCI DSS, etc. Proven
- Relevant certifications such as CISSP, CISM, or IAM-specific credentials (e.g., CIAM/CAMS, CyberArk Certified, Okta Certified Consultant). •
- Experience with AWS technologies such as Lambda, S3, DynamoDB, RDS, Aurora, SNS, SQS, CloudTrail, CloudWatch, Code Pipeline, AWS Developer Tools, and IAM roles and permissions •
- Experience with DevOps tools and practices, including secrets management and CICD pipelines Manager Sandeep Chotwani
- – Solve for the Customer: With a deep understanding of our customers' business and empathy for their needs, we deliver products and services that drive their success.
- – Make it Count: We drive forward with focus and agility. With a sense of urgency and purpose, we get the job done, and done right.
Benefits
- Recruiter for this role Kayla Osuna Compensation and Benefits
- When determining salaries, we consider several factors including, but not limited to, skills, prior experience, and work location.
- The new-hire base salary range for this position, reflected in CAD, is: 136,800 - 171,000
- We also believe in recognizing the contributions of our people. That's why we award annual bonuses to eligible employees, rewarding both individual performance and the success of the entire company.
- Along with monetary compensation, Marqeta offers
- Multiple health insurance options
- Flexible vacation time
- Retirement savings program with company contribution
- Equity in a publicly-traded company
- Monthly stipend to support our remote work model
- Annual “development dollars” to support our people growth and development Family-forming
- benefits and up to 20 weeks of Parental Leave About Marqeta
Additional details
- In this role, you’ll help shape and implement modern identity strategies to secure access across all of Marqeta’s systems and services—100% cloud-based, with no data center footprint.
- Join us in building a secure, scalable, and frictionless IAM program where you’ll play a crucial part in:
- Designing and architecting a Certificate Lifecycle Management solution that supports cloud-native workloads.
- Stay ahead of emerging trends and continuously refine IAM strategy based on evolving cloud threats and compliance requirements. Who You Are
- experience integrating IAM into CI/CD pipelines, secrets management, and DevOps workflows.
- Excellent communication skills and ability to influence and lead cross-functional teams. Nice to have
- Marqeta is a Flex First company which allows you to choose your best working environment, whether that be from home or at a company office.
- To support Flex First, we calibrate pay to a competitive value according to working location.
- Marqeta is on a mission to change the way money moves.
- We’re one of the earliest enablers of embedded finance, a market opportunity sized up in the trillions.