Senior Security Engineer - Detection & Response - EU/UK

Marqeta · Remote (Remote, UK)
Software Development

WFA Digital Insight

As demand for cybersecurity experts continues to rise, with the global market projected to reach $300 billion by 2027, Marqeta's search for a Senior Security Engineer to lead their Security Operations and Response Team is timely. This role is particularly exciting given the current remote job market, where skilled security professionals can work from anywhere. With a focus on incident response, digital forensics, and threat hunting, this position requires a unique blend of technical expertise and strategic thinking. Candidates should be prepared to demonstrate their ability to navigate complex security landscapes and collaborate across teams. Marqeta, known for its innovative approach to payments, offers a dynamic environment for this senior role.

Job Description

About the Role

The Senior Security Engineer position at Marqeta is a critical role within the Security Operations and Response Team, focusing on the detection and response to security incidents across Marqeta's environment. As a senior individual contributor, you will be at the forefront of proactively monitoring for cyber threats, serving as an incident commander during security events, and contributing to the development and improvement of response methodologies. This role is integral to maintaining the security and integrity of Marqeta's systems and data, working closely with various teams to ensure a comprehensive approach to security.

The day-to-day responsibilities will involve a deep dive into security incidents, analyzing and responding to threats, and ensuring that Marqeta's security posture is always aligned with the latest threats and technologies. The role also involves collaboration with detection engineering efforts, participation in 24x7 on-call rotations, and research into threat intelligence sources to stay ahead of potential threats.

What You Will Do

  • Investigate and respond to security incidents across Marqeta’s environment, utilizing expertise in incident response, digital forensics, and threat hunting.
  • Proactively monitor Marqeta’s environment for cyber threat activity, managing day-to-day security alerts through timely analysis, triage, and appropriate response actions.
  • Serve as incident commander during security events, directing investigation strategies and coordinating cross-functional response efforts.
  • Execute incident response activities aligned with the NIST Incident Response Lifecycle to detect, contain, eradicate, recover, and learn from cybersecurity incidents.
  • Contribute to the maintenance and improvement of the Cybersecurity Incident Response Plan (CIRP), playbooks, runbooks, and standard operating procedures to ensure consistent and effective response operations.
  • Participate in 24x7x365 on-call rotations, providing skilled guidance during security incidents and contributing to thorough post-incident reviews.
  • Research threat intelligence sources and contribute to hypothesis-driven threat hunting initiatives to uncover threats in corporate and production environments.
  • Work closely with Security Engineering to tune security solutions, enhance detection capabilities, and leverage business knowledge to improve security monitoring.
  • Design, develop, and maintain detection logic using a detections-as-code approach, collaborating with Security Solution Engineering to deploy detections through CI/CD pipelines into SIEM and EDR platforms.
  • Contribute to detection coverage mapped to the MITRE ATT&CK framework, identifying gaps in visibility and supporting detection development prioritization based on threat intelligence and business risk.
  • Coordinate with HR, law enforcement, response retainers, and cyber insurers as required, including support on cyber-crime financial fraud use cases.
  • Support the development of less-experienced security team members through knowledge sharing, pair investigations, and leading by example.

What We Are Looking For

  • 5+ years of hands-on experience in security operations with strong expertise in incident response, digital forensics, and threat hunting.
  • Experience serving as an incident commander or leading incident response workstreams, with the ability to make sound decisions under pressure.
  • Strong knowledge of the NIST Incident Response Lifecycle and experience contributing to incident response documentation and procedures.
  • Proficiency with security monitoring and forensic tools including EDR, SIEM, and SOAR systems.
  • Experience developing detections-as-code, including familiarity with version control, CI/CD pipelines, and detection testing frameworks.
  • Working knowledge of MITRE ATT&CK and its application in threat hunting and detection development.
  • Ability to work in a fast-paced environment, with excellent communication and collaboration skills.
  • Strong analytical and problem-solving skills, with the ability to analyze complex security issues and develop effective solutions.

Nice to Have

  • Experience with cloud security platforms, such as AWS or Azure, and containerization technologies like Docker.
  • Knowledge of programming languages, such as Python, Java, or C++, and experience with automation scripts.
  • Familiarity with Agile development methodologies and version control systems like Git.
  • Experience with security information and event management (SIEM) systems and security orchestration, automation, and response (SOAR) solutions.
  • Certifications in cybersecurity, such as CISSP, CEH, or CompTIA Security+.

Benefits and Perks

  • Competitive salary and benefits package.
  • Opportunity to work with a cutting-edge payments technology company.
  • Collaborative and dynamic work environment with a team of experienced security professionals.
  • Professional development opportunities, including training and certification programs.
  • Flexible working arrangements, including remote work options.
  • Access to the latest security tools and technologies.
  • Recognition and reward for outstanding performance and contributions to the team.
  • Comprehensive health insurance and wellness programs.
  • Generous PTO and holiday package.

How to Stand Out

  • Ensure you have a solid understanding of the NIST Incident Response Lifecycle and can apply it in real-world scenarios.
  • Practice your incident response skills through simulations or tabletop exercises to demonstrate your expertise.
  • Develop a personal project or contribute to open-source security projects to showcase your coding and automation skills.
  • Prepare to talk about specific threat hunting initiatives you’ve led or been a part of, highlighting your approach and outcomes.
  • When discussing your experience with security monitoring and forensic tools, focus on specific tools and how you’ve used them to detect and respond to threats.
  • Be ready to explain how you stay current with the latest cyber threats and how you incorporate that knowledge into your work.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.