[Hiring] Principal Security Engineer, Product & AI @MQ Referrals Only

Role Description

As Marqeta’s Principal Security Engineer you will serve as the technical lead across our security engineering function. This role combines three critical responsibilities:

• Leading product security engineering across our payment platform
• Building our AI security program as we scale generative AI and ML capabilities
• Providing security architecture oversight across enterprise and infrastructure security

Your primary focus will be product security and AI—threat modeling payment features, securing APIs, building genAI controls, and ensuring AI-powered capabilities ship securely. You'll also own the security architecture function and provide technical oversight for infrastructure security—endpoint protection, network security, VPN, and enterprise security controls—ensuring coherent security standards across everything we build and operate.

You'll partner closely with Product Security, Infrastructure Security, and Security Operations teams and serve as the security voice in our Model Risk Office. This is an individual contributor role with mentoring responsibilities and broad technical influence across the security, engineering, and business technology organizations.

We work Flexible First. This role can be performed remotely anywhere within the United States or from our Oakland office.

You'll have the chance to:

• Lead product security engineering for our payment platform—owning threat modeling, security architecture review, secure SDLC practices, and API security across the engineering organization
• Help mature our AI security program—developing genAI controls, securing ML pipelines, and working alongside the Model Risk Office for model evaluations
• Provide security architecture oversight across infrastructure and enterprise security—endpoint, network, VPN, and corporate security controls—ensuring technical standards are coherent across all security domains
• Shape how security engineering scales across the organization through tooling, frameworks, security champions engagement, and engineering partnerships

Qualifications

• 10+ years of security engineering experience with demonstrated technical leadership across multiple security domains; or equivalent combination of education and experience
• Deep product security expertise: threat modeling, security architecture review, secure code review, API security, authentication/authorization design, and secure SDLC practices
• Experience with or strong interest in AI/ML security—understanding of risks including adversarial attacks, model poisoning, prompt injection, data privacy, and AI supply chain threats
• Broad security fluency across infrastructure and enterprise security—endpoint protection, network security, identity, and cloud security
• Experience working in cloud-native environments (AWS preferred) with familiarity across AI/ML services (Bedrock, SageMaker, etc.)
• Proven ability to build security frameworks, tools, and programs from the ground up
• Strong programming skills in at least one language (Python, Java, Go, or similar) with the ability to read and review code across multiple languages
• Experience with security assessment methodologies and risk management frameworks
• Working knowledge of compliance and control frameworks relevant to financial services (PCI DSS, SOX, SOC2, NIST CSF)
• Ability to communicate complex security risks to both technical and executive audiences

Requirements

• Financial services or fintech experience strongly preferred
• Experience securing payment processing systems, card issuing platforms, fraud detection models, or transaction monitoring infrastructure
• Hands-on experience with LLM security: prompt injection mitigation, output filtering, RAG security, agent security patterns
• Experience with enterprise security platforms (EDR, SIEM, identity providers, network security tools)
• Experience with ML frameworks (PyTorch, TensorFlow) or background in data science / machine learning engineering
• Knowledge of AI governance, model risk management practices, and emerging AI regulatory frameworks (EU AI Act, NIST AI RMF)
• Background in supply chain security, CI/CD pipeline security, or secure software composition analysis
• Experience with privacy-preserving ML techniques (differential privacy, federated learning, secure multi-party computation)
• Experience with Kubernetes, containerized workloads, and Infrastructure as Code (Terraform)
• CISSP, CCSP, CISA, or other relevant security certifications
• Experience building and scaling security programs in high-growth environments

Benefits

• Multiple health insurance options
• Flexible time off – take what you need
• Retirement savings program with company contribution and after tax contributions
• Equity in a publicly-traded company and an Employee Stock Purchase Program
• Family-forming benefits, fertility support, and up to 20 weeks of Parental Leave
• Free therapy sessions, financial and professional coaching, and legal advice
• Monthly stipend to support our remote work model
• Annual “development dollars” to support our people growth and development
• Through Flex First, the freedom to live and work wherever you and your family thrive