Application Security Engineer
Posted on: January 14, 2019
Are you looking to join an innovative organization powering payments for the next generation of fintech and commerce innovators? Marqeta has built the world's first open API issuer processor platform from scratch, powering prepaid, debit, and credit cards for the most recognizable names in financial technology, alternative lending, on-demand services and ecommerce. Marqeta has become the leader in payment innovation. Our company is comprised of a team of industry experts, a dynamic approach to working on challenging problems, and an open environment and culture that is focused on ideas and innovation. Not only do we have an inspiring and innovative culture, but only Marqeta can offer you a chance to help redefine the payments industry - it's very exciting around here these days. As a testament to the company we've collectively built, our world-class team voted Marqeta one of the Bay Area's Best Places to Work. So take a look at our current career opportunities, introduce yourself and tell us why you would be a great addition to our team we adore meeting top talent Position Summary Marqeta is growing a fresh Application Security Team with the goal of significantly improving industry standards in Secure Application Development in the Payments space. As a member of the Application Security Engineer (ASE) Team, you serve as a key contributor to Marqeta's open payments platform. This role supports the safety and security of our customer's payments, ensuring the growth of an innovative platform that provides direct access to a strong suite of Payment Card Issuer/Processor APIs. Our long term goal is the development of a strong Product Security Program that protects the global development and deployment of payment and virtual cards as well as mobile authorization. Our ASEs define Security Engineering standards and practices around Secure Code, Continuous Delivery/Integration, Pre and Post Release S-SDLC, Verification/Validation models, Penetration Testing and innovative Security tooling designed around self-service and rich integration models. You'll work closely with Marqeta's Frontend and Backend Engineers, you'll contribute to critical design input for API development and service architectures, and you'll assist the company in developing strong engineering practices in support of Product Security. Our goal is to both enhance the workflow of our engineers with security-centric tool sets and implement innovative methods of testing code in the pre-release phase. The ideal candidate has a strong core skill set in two or more of the following areas - Automation, QE Testing, Security Engineering, REST API Design, and/or Strong Knowledge in Modern App Frameworks (esp ReactJS, Rails, or Tomcat). You're knowledgeable and conversant in common vulnerabilities affecting modern web applications, familiar with modern cloud and datacenter based infrastructure, are looking to grow strong application security experience, and you intend to be an excellent communicator and collaborator. Our ASEs are particularly concerned with scaleable tooling strategies and strong process and practice management, which includes constant refinement in how we engage with our cross-functional team of engineers. Primary Responsibilities Build Self Service Tools for QE, Frontend and Backend Engineers Assist with Definition, Implementation, and Maintenance of S-SDLC Lead Application Security Assessments and Design Reviews Execute Critical Validation/Verification Functions in Pre- and Post-Release Implement SAST, DAST and Coherent Dependency Vuln Management into the Build Pipeline Execute Greybox and Whitebox Application Security Assessments Execute and Support HTTP/S Service-Layer Pen-Testing Develop Security Training and Guidelines for Engineers Build and Enhance S/W Testing Strategies with Specialized End-to-End Clients, RSpec, Puppeteer and Selenium-Based Test Cases Lead Software Vulnerability Management and Risk Mitigation Practices Offer Guidance and Leadership in PCI Compliance Requirements 3-5 yrs Demonstrable and Practical Experience in Application Security Engineering or Comparable Experience in a Security Engineering Role You have a passion for Security Engineering as a discipline You're an excellent communicator You employ strong collaboration patterns and enjoy creating positive team dynamics You know how to own and support positive outcomes You remain constructive under pressure, with a flexible working style Functional Development Experience and Proficiency in Python, Go, JS, Ruby, or Java Familiarity with Java and JVM based Application Stacks (e.g. Tomcat) Functional Experience with Testing Frameworks and Modern Testing Paradigms (BDD, TDD, and similar) Solid Knowledge of OAuth and SAML Strong Knowledge of HTTP/S Service Architectures Strong Knowledge of Transport Security, specifically TLS and CAs Strong Knowledge of OWASP and Common Software Vulnerabilities Solid Understanding of Secure Coding/Development Practices Experience with Production Build Pipeline and CI/CD stacks (Ex. Jenkins, Nexus, Drone CI) Familiarity with Container Technology (Ex. Docker, RKT) Demonstrable Experience with Python, Ruby, JS and/or Go Tool Development Strong Interest in Automation Practices Familiarity and Interest in Cloud Services and SAAS Platforms (AWS, GCP) Familiarity with Terraform and Ansible Automation Stacks Perks Be a member of an exceptional team - we're growing and your career and opportunities with us will, too Rich suite of benefit plans - Employee premiums paid 100% Generous Paid Time Off plan Market-leading fully paid Parental Leave Retirement savings - 401k plan with a Company match Meaningful Equity Bi-annual Hack Weeks to support and reward innovation Beautiful downtown Oakland office in a great location, with stunning views of Lake Merritt Conveniently located close to public transportation Open, transparent culture that includes weekly All Hands meetings, Lunch-and-Learns, all-company offsite, etc. Commuter and Parking monthly subsidy Access to corporate gym membership rates and other discounts and employee perks Fully stocked kitchen, catered lunches twice a week, breakfast on Fridays, and more
Keywords: Marqeta, Oakland , Application Security Engineer, Engineering , Oakland, California
Didn't find what you're looking for? Search again!