Senior Security Engineer - Cloud Identity
Marqeta · Toronto, Canada | Vancouver, Canada · CyberSecurity
About this role
Marqeta is hiring a senior-level Cloud Security Engineer based in Toronto, Canada | Vancouver, Canada. The posting calls out experience with Python, AWS, Terraform, CloudFormation.
- Role: Cloud Security Engineer
- Function: security
- Level: senior
- Track: Individual contributor
- Employment: Full-time
- Location: Toronto, Canada | Vancouver, Canada
- Department: CyberSecurity
Job description
from Marqeta careers
We’re seeking an experienced Senior Security Engineer with a strong passion for Identity and Access Management (IAM) and proven expertise in cloud-native environments, particularly AWS. In this role, you’ll help shape and implement modern identity strategies to secure access across all of Marqeta’s systems and services—100% cloud-based, with no data center footprint.
Join us in building a secure, scalable, and frictionless IAM program where you’ll play a crucial part in:
- Building and evolving our Identity Governance and Administration (IGA) capabilities.
- Implementing & Operating Privileged Access Management (PAM) in a cloud-first (AWS-focused) environment.
- Designing and architecting a Certificate Lifecycle Management solution that supports cloud-native workloads.
- Driving integration of IAM across AWS services, SaaS platforms, and developer/DevOps pipelines.
- Designing identity and access controls to protect AI/ML systems—ensuring secure access to training data, models, and inference APIs.
The Impact You’ll Have
- Develop and lead implementation of robust IAM strategies aligned with cloud-native architecture and security principles.
- Expand and operationalize the IAM program across IGA, PAM, SSO, MFA, access management, secrets management, and certificate lifecycle.
- Automate identity provisioning, de-provisioning, and access reviews using AI tools and infrastructure-as-code.
- Design IAM integrations for AWS-native services (Lambda, EC2, S3, IAM, etc.), SaaS platforms, and third-party identity tools (e.g., Okta, CyberArk).