Listing Description
Are you looking to join an innovative organization powering payments for the next generation of fintech and commerce innovators? Marqeta has built the world’s first open API issuer processor platform from scratch, powering prepaid, debit, and credit cards for the most recognizable names in financial technology, alternative lending, on-demand services and e-commerce. Marqeta has become the leader in payment innovation. Our company is comprised of a team of industry experts, a dynamic approach to working on challenging problems, and an open environment and culture that is focused on ideas and innovation.
Not only do we have an inspiring and innovative culture, but only Marqeta can offer you a chance to help redefine the payments industry. As a testament to the company we've collectively built, our world-class team voted Marqeta one of the Bay Area’s Best Places to Work.
Marqeta is proud of its Oakland roots and strives to build a team as diverse as the cities in which we operate. Underrepresented populations are encouraged to apply.
We are not expecting any single candidate to have an expertise under all areas of our requirements section. Please apply if you meet some but not all of the requirements.
**Position Summary**
Marqeta is growing a fresh Application Security Team with the goal of significantly improving industry standards in Secure Application Development in the Payments space. We are based in Oakland, California but are open to remote engineers for this role!
As a member of the Application Security Engineer (ASE) Team, you serve as a key contributor to Marqeta’s open payments platform. This role supports the safety and security of our customer’s payments, ensuring the growth of an innovative platform that provides direct access to a strong suite of Payment Card Issuer/Processor APIs. Our long term goal is the development of a strong Product Security Program that protects the global development and deployment of payment and virtual cards as well as mobile authorization.
Our ASEs define Security Engineering standards and practices around Secure Code, Continuous Delivery/Integration, Pre and Post Release S-SDLC, Verification/Validation models, Penetration Testing and innovative Security tooling designed around self-service and rich integration models.
You'll work closely with Marqeta’s Frontend and Backend Engineers, you'll contribute to critical design input for API development and service architectures, and you’ll assist the company in developing strong engineering practices in support of Product Security. Our goal is to both enhance the workflow of our engineers with security-centric tool sets and implement innovative methods of testing code in the pre-release phase.
The ideal candidate has a strong core skill set in two or more of the following areas - Automation, QE Testing, Security Engineering, REST API Design, and/or Strong Knowledge in Modern App Frameworks (esp ReactJS, Rails, or Tomcat). You’re knowledgeable and conversant in common vulnerabilities affecting modern web applications, familiar with modern cloud and datacenter based infrastructure, are looking to grow strong application security experience, and you intend to be an excellent communicator and collaborator. Our ASEs are particularly concerned with scaleable tooling strategies and strong process and practice management, which includes constant refinement in how we engage with our cross-functional team of engineers.**Primary Responsibilities**
Build Self Service Tools for QE, Frontend and Backend Engineers
Assist with Definition, Implementation, and Maintenance of S-SDLC
Lead Application Security Assessments and Design Reviews
Execute Critical Validation/Verification Functions in Pre- and Post-Release
Implement SAST, DAST and Coherent Dependency Vuln Management into the Build Pipeline
Execute Greybox and Whitebox Application Security Assessments
Execute and Support HTTP/S Service-Layer Pen-Testing
Develop Security Training and Guidelines for Engineers
Build and Enhance S/W Testing Strategies with Specialized End-to-End Clients, RSpec, Puppeteer and Selenium-Based Test Cases
Lead Software Vulnerability Management and Risk Mitigation Practices
Offer Guidance and Leadership in PCI Compliance
**Requirements**
3-5 yrs Demonstrable and Practical Experience in Application Security Engineering or Comparable Experience in a Security Engineering Role
You have a passion for Security Engineering as a discipline
You’re an excellent communicator
You employ strong collaboration patterns and enjoy creating positive team dynamics
You know how to own and support positive outcomes
You remain constructive under pressure, with a flexible working style
Functional Development Experience and Proficiency in Python, Go, JS, Ruby, or Java
Familiarity with Java and JVM based Application Stacks (e.g. Tomcat)
Functional Experience with Testing Frameworks and Modern Testing Paradigms (BDD, TDD, and similar)
Solid Knowledge of OAuth and SAML
Strong Knowledge of HTTP/S Service Architectures
Strong Knowledge of Transport Security, specifically TLS and CAs
Strong Knowledge of OWASP and Common Software Vulnerabilities
Solid Understanding of Secure Coding/Development Practices
Experience with Production Build Pipeline and CI/CD stacks (Ex. Jenkins, Nexus, Drone CI)
Familiarity with Container Technology (Ex. Docker, RKT)
Demonstrable Experience with Python, Ruby, JS and/or Go Tool Development
Strong Interest in Automation Practices
Familiarity and Interest in Cloud Services and SAAS Platforms (AWS, GCP)
Familiarity with Terraform and Ansible Automation Stac
**Perks**
Be a member of an exceptional team - we’re growing and your career and opportunities with us will, too!
Rich suite of benefit plans - Employee premiums paid 100%
Generous Paid Time Off plan
Market-leading fully paid Parental Leave
Retirement savings - 401k plan with a Company match
Meaningful Equity
Bi-annual Hack Weeks to support and reward innovation
Beautiful downtown Oakland office in a great location, with stunning views of Lake Merritt
Conveniently located close to public transportation
Open, transparent culture that includes weekly All Hands meetings, Lunch-and-Learns, all-company offsite, etc.
Commuter and Parking monthly subsidy
Access to corporate gym membership rates and other discounts and employee perks!
Fully stocked kitchen, catered lunches twice a week, breakfast on Fridays, and more!
Listing Details
- Citizenship: Us Citizen
- Incentives: Not Provided
- Education: No Requirements
- Travel: No Travel
- Telework: Full Telecommute