Principal Security Engineer, Product & AI
Marqeta
11h ago
0$218k - $321kDevUnited Stateshimalayas
Security-EngineeringProduct-SecurityAI-SecuritySecurity-ArchitectureCybersecuritySenior
Job Description
As Marqeta’s Principal Security Engineer you will serve as the technical lead across our security engineering function. This role combines three critical responsibilities: leading product security engineering across our payment platform, building our AI security program as we scale generative AI and ML capabilities, and providing security architecture oversight across enterprise and infrastructure security.Your primary focus will be product security and AI—threat modeling payment features, securing APIs, building genAI controls, and ensuring AI-powered capabilities ship securely. You'll also own the security architecture function and provide technical oversight for infrastructure security—endpoint protection, network security, VPN, and enterprise security controls—ensuring coherent security standards across everything we build and operate.You'll partner closely with Product Security, Infrastructure Security, and Security Operations teams and serve as the security voice in our Model Risk Office. This is an individual contributor role with mentoring responsibilities and broad technical influence across the security, engineering, and business technology organizations.We work Flexible First. This role can be performed remotely anywhere within the United States or from our Oakland office. We’d love for you to join us!You'll have the chance to:Lead product security engineering for our payment platform—owning threat modeling, security architecture review, secure SDLC practices, and API security across the engineering organizationHelp mature our AI security programdeveloping genAI controls, securing ML pipelines, and working alongside the Model Risk Office for model evaluations.Provide security architecture oversight across infrastructure and enterprise security—endpoint, network, VPN, and corporate security controls—ensuring technical standards are coherent across all security domainsShape how security engineering scales across the organization through tooling, frameworks, security champions engagement, and engineering partnershipsThe Impact You'll Have:Product Security:Conduct security architecture reviews and threat modeling for new product features, APIs, and service integrations across the payment platformDefine and maintain secure development lifecycle practices including secure code review standards, API security patterns, and authentication/authorization frameworksDevelop self-service security tooling and developer-facing guardrails that reduce friction while maintaining security postureAI Security:Lead security strategy and risk assessment for AI/ML systems including customer-facing AI products, fraud detection models, LLM integrations, and recommendation systemsBuild genAI security controls—prompt injection prevention, output filtering, model validation, and monitoring frameworksPerform security assessments of AI/ML model architectures, training pipelines, inference endpoints, and deployment infrastructureEvaluate and operationalize AI-powered security tools (e.g., AI-assisted code review, anomaly detection, automated threat intelligence) to improve security operationsEnterprise & Infrastructure Security Oversight:Provide technical oversight for infrastructure security including endpoint protection, network security, VPN, and enterprise security controlsEnsure coherent security architecture standards across product, cloud infrastructure, and corporate environmentsDrive technical decisions for security tooling and controls that span the full environment—from developer laptops to production infrastructureAcross All Domains:Partner across Product Security, Infrastructure Security, and Security Operations teams as well as engineering, data science, and complianceMentor security engineers and cross-functional teams, raising the organization's overall security engineering maturityCommunicate security risks and strategy to executive and board-level audiencesWho You Are:10+ years of security engineering experience with demonstrated technical leadership across multiple security domains; or equivalent combination of education and experienceDeep product security expertise: threat modeling, security architecture review, secure code review, API security, authentication/authorization design, and secure SDLC practicesExperience with or strong interest in AI/ML security—understanding of risks including adversarial attacks, model poisoning, prompt injection, data privacy, and AI supply chain threats. We want someone who is genuinely excited about AI technology and wants to secure it, not just govern itBroad security fluency across infrastructure and enterprise security—endpoint protection, network security, identity, and cloud security—even if your deepest expertise is in application and product securityExperience working in cloud-native environments (AWS preferred) with familiarity across AI/ML services (Bedrock, SageMaker, etc.)Proven ability to build security frameworks, tools, and programs from the ground upStrong pro
