Staff Security Engineer - Cryptography & Key Management

Oakland, CA

We’re seeking an experienced Staff Security Engineer with a strong passion for data security and a deep understanding of encryption and key management. In this role, you’ll have the opportunity to shape and implement cutting-edge security strategies to protect sensitive data across our platforms.

Join us in building secure cloud environments where you’ll play a crucial part in:

• Cloud Data Security – Driving initiatives around data discovery, classification, and protection.
• Encryption & Key Management – Leading encryption and secrets management across the enterprise.
• PKI & Certificate Management – Architecting robust public key infrastructures and certificate solutions.

This is a remote-first role, with the option to work from anywhere within the U.S. or from our Oakland office. If you're excited about designing and securing the future of data, we’d love to have you on our team!

What You'll Do:

• Lead the development of enterprise-level data security architecture and strategies.
• Define encryption and secrets management standards, ensuring alignment with product development and enterprise needs.
• Collaborate closely with security, technology, and privacy teams to implement and maintain data classification, encryption, and key management standards.
• Deploy, configure, and manage cloud-based Key Management Services (KMS) and Hardware Security Modules (HSMs).
• Participate in Proof of Concept (POC) testing and demonstrations for new cryptographic products and services.
• Serve as a key custodian, overseeing the full lifecycle of sensitive key material, including governance and security controls.
• Maintain and update data security tooling such as Data Security Posture Management (DSPM) and Data Loss Prevention (DLP) solutions.
• Ensure systems remain compliant with evolving security standards like PCI-DSS and FIPS 140-2 & 140-3.
• Provide operational support, including on-call rotation, and document critical procedures such as key lifecycle management and disaster recovery plans.
• Research emerging security standards and advise on their integration into our strategies.

What We're Looking For:

• A minimum of 8 years related experience with a Bachelor’s degree; or 5 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience.
• 5+ years of professional experience within data security including encryption, tokenization, PKI implementation and key management.
• 4 years+ of in-depth experience working with payment and/or general-purpose HSMs, cloud KMSs.
• 4+ years of practical experience in encryption algorithms (e.g., AES, RSA), protocols (e.g., TLS/SSL), key management, secrets management.
• 3+ years with cloud computing architectures and Infrastructure as Code (e.g., Terraform).
• 2+ years working experience with security regulatory/compliance requirements including PCI, NIST and GDPR.
• 2+ years experience with data security, classification and posture management tooling.
• Strong collaboration and communication skills, with the ability to influence cross-functional teams and stakeholders.
• Problem-solving skills to navigate complexity and security risks with confidence and flexibility.

Nice to Have:

• Experience with Thales payShield HSM, AWS KMS and AWS Secrets Manager.
• Coding experience and working knowledge of Google Tink, PKCS11, JCE , OpenSSL and other crypto libraries.
• Familiarity with Kubernetes, cloud platforms, and IaC tools like Terraform.
• Experience with AWS Payment Cryptography would be a major plus.
• CISSP, CCSP, CISA or other appropriate certifications is a plus.

Job Expectations:

• Occasional travel (up to 10%).
• A hiring process that includes an application, recruiter call, hiring manager video call, and a virtual “onsite” interview.

Compensation and Benefits

Marqeta is a Flex First company which allows you to choose your best working environment, whether that be from home or at a company office. To support Flex First, we calibrate pay to a competitive value according to working location. Compensation is aligned according to three tiers within the United States:

• National: A baseline tier that applies to most of the geographic territory of the United States.
• Premium: Slightly elevated from the National tier, and oriented toward a narrower set of higher cost-of-living areas, such as Los Angeles CA and Seattle WA.
• Premium Plus: A tier for the most expensive working areas, like the San Francisco Bay area and New York City.

Visit this page or consult with a Recruiter to determine which tier would be applicable to you.

When determining salaries, we consider several factors including, but not limited to, skills, prior experience, and work location. The new-hire base salary range for this position is:

• National: $167,100 - $208,900
• Premium: $179,800 - $224,700

We also believe in recognizing the contributions of our people. That's why we award annual bonuses to eligible employees, rewarding both individual performance and the success of the entire company.

Along with monetary compensation, Marqeta offers:

• Multiple health insurance options.
• Flexible time off – take what you need.
• Retirement savings program with company contribution and after tax contributions.
• Equity in a publicly-traded company and an Employee Stock Purchase Program.
• Family-forming benefits, fertility support, and up to 20 weeks of Parental Leave.
• Free therapy sessions, financial and professional coaching, and legal advice.
• Monthly stipend to support our remote work model.
• Annual “development dollars” to support our people growth and development.

Marqeta is on a mission to change the way money moves. We’re one of the earliest enablers of embedded finance, a market opportunity sized up in the trillions. Our card issuing platform provides unprecedented flexibility and control for companies to issue cards, authorize transactions, and manage payment operations in real time. Marqeta is powering the most well known brands in the new economy (Block, Cash App, Affirm, Instacart, Doordash, Uber, Walmart, etc). You don’t need to be a Payments expert to join the Marqeta Team, let us help you with that. This is the opportunity of a lifetime to work with innovators around the world and unlock equitable financial access for all.

– Solve for the Customer: With a deep understanding of our customers' business and empathy for their needs, we deliver products and services that drive their success. Earning and keeping their trust guides everything we do.

– Do What's Right: Knowing businesses and livelihoods depend on us, we pursue solutions that disrupt responsibly and deliver high-quality results that our customers count on. We own our work from start to finish.

– Simplify and Innovate: We approach challenges with curiosity and take smart risks. Innovation comes from finding better, simpler ways to achieve extraordinary outcomes.

– Win as a Team: We succeed together by embracing diverse perspectives and pushing each other to raise the bar. We lead with humility and set aside hierarchy to work as a team.

– Make it Count: We drive forward with focus and agility. With a sense of urgency and purpose, we get the job done, and done right.

Equal Employment Opportunity, Accommodations and Privacy

Marqeta is proud to be an equal opportunity employer that gives consideration to all qualified applicants regardless of race, ancestry, national origin, color, Indigenous, citizenship, religion/creed, sex, sexual orientation, gender identity, gender expression marital status, family status, disability, veteran status, criminal histories consistent with legal requirements, or any other characteristic protected by applicable law.

Our dedication to diversity and inclusion extends beyond the categories above. Review Marqeta’s ESG Report to see that dedication in action. Fostering an environment where everyone feels valued and respected creates a stronger and more innovative team at Marqeta. We celebrate the unique contributions of each individual and empower all members of our organization. Join us in building a company where diversity thrives and everyone can be their authentic selves.