jobloom

JobLoom finds jobs directly from company career sites before many job boards, then routes you into detailed role pages like this one.

security

Posted May 7

Senior Security Engineer - Cloud Identity

at Marqeta

Toronto, CanadaOn-site

Responsibilities

  • Building and evolving our Identity Governance and Administration (IGA) capabilities.
  • Develop and lead implementation of robust IAM strategies aligned with cloud-native architecture and security principles.
  • Expand and operationalize the IAM program across IGA, PAM, SSO, MFA, access management, secrets management, and certificate lifecycle.
  • Automate identity provisioning, de-provisioning, and access reviews using AI tools and infrastructure-as-code.
  • Design IAM integrations for AWS-native services (Lambda, EC2, S3, IAM, etc.), SaaS platforms, and third-party identity tools (e.g., Okta, CyberArk).
  • Promote and enforce least privilege and zero-trust principles through scalable access controls and policy automation.
  • Mentor junior engineers and serve as a technical lead for IAM-related projects.
  • Collaborate with Security, DevOps, and Infrastructure teams to embed IAM controls across the engineering lifecycle.

Requirements

  • We’re seeking an experienced Senior Security Engineer with a strong passion for Identity and Access Management(IAM) and proven expertise in cloud-native environments , particularly AWS .
  • Implementing & Operating Privileged Access Management (PAM) in a cloud-first (AWS-focused) environment.
  • Driving integration of IAM across AWS services, SaaS platforms, and developer/DevOps pipelines.
  • Designing identity and access controls to protect AI/ML systems—ensuring secure access to training data, models, and inference APIs.
  • experience with a Bachelor’s degree; or 5 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience. Strong
  • experience with IAM tools (e.g., Okta, CyberArk, Ping, SailPoint).
  • Deep knowledge of IAM in cloud-native environments, especially AWS IAM, roles, policies, permissions boundaries, and federation.
  • Proficiency in infrastructure-as-code (e.g., Terraform, CloudFormation).
  • Familiarity with authentication and authorization protocols (SAML, OAuth2, OpenID Connect, Kerberos).
  • Strong grasp of directory services like Active Directory, LDAP, and cloud-based alternatives.
  • Hands-on skills in scripting (e.g., Python, PowerShell) to automate IAM operations.
  • Solid understanding of compliance standards: NIST, SOC 2, PCI DSS, etc. Proven
  • Relevant certifications such as CISSP, CISM, or IAM-specific credentials (e.g., CIAM/CAMS, CyberArk Certified, Okta Certified Consultant). •
  • Experience with AWS technologies such as Lambda, S3, DynamoDB, RDS, Aurora, SNS, SQS, CloudTrail, CloudWatch, Code Pipeline, AWS Developer Tools, and IAM roles and permissions •
  • Experience with DevOps tools and practices, including secrets management and CICD pipelines Manager Sandeep Chotwani
  • – Solve for the Customer: With a deep understanding of our customers' business and empathy for their needs, we deliver products and services that drive their success.
  • – Make it Count: We drive forward with focus and agility. With a sense of urgency and purpose, we get the job done, and done right.

Benefits

  • Recruiter for this role Kayla Osuna Compensation and Benefits
  • When determining salaries, we consider several factors including, but not limited to, skills, prior experience, and work location.
  • The new-hire base salary range for this position, reflected in CAD, is: 136,800 - 171,000
  • We also believe in recognizing the contributions of our people. That's why we award annual bonuses to eligible employees, rewarding both individual performance and the success of the entire company.
  • Along with monetary compensation, Marqeta offers
  • Multiple health insurance options
  • Flexible vacation time
  • Retirement savings program with company contribution
  • Equity in a publicly-traded company
  • Monthly stipend to support our remote work model
  • Annual “development dollars” to support our people growth and development Family-forming
  • benefits and up to 20 weeks of Parental Leave About Marqeta

Additional details

  • In this role, you’ll help shape and implement modern identity strategies to secure access across all of Marqeta’s systems and services—100% cloud-based, with no data center footprint.
  • Join us in building a secure, scalable, and frictionless IAM program where you’ll play a crucial part in:
  • Designing and architecting a Certificate Lifecycle Management solution that supports cloud-native workloads.
  • Stay ahead of emerging trends and continuously refine IAM strategy based on evolving cloud threats and compliance requirements. Who You Are
  • experience integrating IAM into CI/CD pipelines, secrets management, and DevOps workflows.
  • Excellent communication skills and ability to influence and lead cross-functional teams. Nice to have
  • Marqeta is a Flex First company which allows you to choose your best working environment, whether that be from home or at a company office.
  • To support Flex First, we calibrate pay to a competitive value according to working location.
  • Marqeta is on a mission to change the way money moves.
  • We’re one of the earliest enablers of embedded finance, a market opportunity sized up in the trillions.

Find more real-time jobs on JobLoom.