Job Specifications
We are seeking a UK-based Staff Security Engineer to serve as a technical leader within our Security Operations and Response Team.
As a senior technical responder, you will lead our incident response program, proactively monitor Marqeta's environment for cyber threats, and serve as incident commander during security events of all severity levels. You will establish response methodologies aligned with the NIST Incident Response Lifecycle, maintain the cybersecurity incident response plan, and drive continuous improvement of our security operations.
This position requires extensive expertise in incident response, digital forensics, threat hunting, and security monitoring technologies. You will provide technical leadership across the organization, mentor team members, and participate in 24x7 on-call rotations.
The role reports to the Manager of Security Operations and Response.
This role can be performed remotely anywhere in the UK, or from our London, UK office. We'd love for you to join us!
The Impact You’ll Have
Proactively monitor Marqeta's environment for cyber threat activity and manage day-to-day security alerts through timely analysis, triage, and appropriate response actions
Serve as the incident commander during security events of all severity levels, directing investigation strategies and coordinating cross-functional response efforts
Deliver NIST Incident Response Lifecycle-aligned services to prepare for, detect, contain, eradicate, recover from, and learn from cybersecurity incidents
Work with the CISO to maintain the Cybersecurity Incident Response Plan (CIRP), ensuring alignment with government and law enforcement reporting requirements
Document and maintain Security Operations processes, procedures, playbooks, and runbooks to ensure consistent and effective response operations
Participate in 24x7x365 on-call rotations, providing expert-level guidance during security incidents and conducting thorough post-incident reviews
Proactively research threat intelligence sources to develop and lead hypothesis-driven threat hunting initiatives to uncover threats in corporate and production environments
Work closely with Security Engineering to tune security solutions, enhance detection capabilities, and leverage business knowledge to improve security monitoring
Design, develop, and maintain detection logic using a detections-as-code approach, collaborating with Security Solution Engineering to deploy detections through CI/CD pipelines into our SIEM and EDR platforms
Maintain and expand detection coverage mapped to MITRE ATT&CK framework, identifying gaps in visibility and prioritizing detection development based on threat intelligence and business risk
Serve as liaison with HR, law enforcement, response retainers, and cyber insurers as required, including coordination on cyber-crime financial fraud use cases
Mentor security team members in incident response methodologies while collaborating with senior leadership to communicate security risks and strategic recommendations
Partner with Fraud, Compliance, and Risk teams on security events involving payment systems, cardholder data, or regulatory reporting obligations under PCI DSS and related frameworks
Who You Are
8+ years of hands-on experience in security operations with deep expertise in incident response, digital forensics, and threat hunting
Demonstrated experience serving as an incident commander, managing response workflows and making decisions under pressure for security events of varying severity
Advanced knowledge of the NIST Incident Response Lifecycle and experience developing effective incident response documentation and procedures
Expert-level proficiency with security monitoring and forensic tools including EDR, SIEM, and SOAR systems
Experience developing and maintaining detections-as-code, including familiarity with version control, CI/CD pipelines, and detection testing frameworks
Working knowledge of MITRE ATT&CK and experience using it to assess detection coverage, map threat actor TTPs, and prioritize detection engineering efforts
Experience conducting post-incident reviews and implementing security improvements based on lessons learned
Strong understanding of threat actor TTPs and ability to apply threat intelligence to enhance detection and response capabilities
Experience tuning security solutions and developing automation workflows to improve monitoring effectiveness and response efficiency
Advanced knowledge of AWS cloud services and securing cloud environments
Ability to effectively communicate with technical and executive stakeholders during security incidents and investigations
Experience in payment processing, fintech, or other highly regulated environments; familiarity with PCI DSS incident handling requirements a plus
Proven ability to work independently while demonstrating sound judgment about when to engage team members or escalate issues
Strong mentorship abilities with a track record of developing junior security pro
About the Company
Modern life is fueled by modern financial solutions that are so seamlessly woven into our daily lives, you almost forget they are there. At Marqeta, we don't just think about how we transact, we think about how those transactions can unlock delight with every digital experience. Our modern card issuing platform enables our world-class customers to create tailored and embedded financial solutions that cater to the evolving needs of today's consumers. Marqeta is a flexible-first company with headquarters in Oakland, CA. We're ...