Senior Security Engineer - Detect & Response - EU/UK

Remote, USA
Posted Jun 13, 2026
Full-time

We are seeking a UK-based Staff Security Engineer to serve as a technical leader within our Security Operations and Response Team.

As a senior technical responder, you will lead our incident response program, proactively monitor Marqeta's environment for cyber threats, and serve as incident commander during security events of all severity levels. You will establish response methodologies aligned with the NIST Incident Response Lifecycle, maintain the cybersecurity incident response plan, and drive continuous improvement of our security operations.

This position requires extensive expertise in incident response, digital forensics, threat hunting, and security monitoring technologies. You will provide technical leadership across the organization, mentor team members, and participate in 24x7 on-call rotations.

The role reports to the Manager of Security Operations and Response.

This role can be performed remotely anywhere in the UK, or from our London, UK office. We'd love for you to join us!

The Impact You’ll Have

Proactively monitor Marqeta’s environment for cyber threat activity and manage day-to-day security alerts through timely analysis, triage, and appropriate response actions

Serve as incident commander during security events, directing investigation strategies and coordinating cross-functional response efforts

Execute incident response activities aligned with the NIST Incident Response Lifecycle to detect, contain, eradicate, recover, and learn from cybersecurity incidents

Contribute to the maintenance and improvement of the Cybersecurity Incident Response Plan (CIRP), playbooks, runbooks, and standard operating procedures to ensure consistent and effective response operations

Participate in 24x7x365 on-call rotations, providing skilled guidance during security incidents and contributing to thorough post-incident reviews

Research threat intelligence sources and contribute to hypothesis-driven threat hunting initiatives to uncover threats in corporate and production environments

Work closely with Security Engineering to tune security solutions, enhance detection capabilities, and leverage business knowledge to improve security monitoring

Design, develop, and maintain detection logic using a detections-as-code approach, collaborating with Security Solution Engineering to deploy detections through CI/CD pipelines into our SIEM and EDR platforms

Contribute to detection coverage mapped to MITRE ATT&CK framework, identifying gaps in visibility and supporting detection development prioritization based on threat intelligence and business risk

Coordinate with HR, law enforcement, response retainers, and cyber insurers as required, including support on cyber-crime financial fraud use cases

Support the development of less-experienced security team members through knowledge sharing, pair investigations, and leading by example

Partner with Fraud, Compliance, and Risk teams on security events involving payment systems, cardholder data, or regulatory reporting obligations under PCI DSS and related frameworks

Who You Are

5+ years of hands-on experience in security operations with strong expertise in incident response, digital forensics, and threat hunting

Experience serving as an incident commander or leading incident response workstreams, with the ability to make sound decisions under pressure

Strong knowledge of the NIST Incident Response Lifecycle and experience contributing to incident response documentation and procedures

Proficiency with security monitoring and forensic tools including EDR, SIEM, and SOAR systems

Experience developing detections-as-code, including familiarity with version control, CI/CD pipelines, and detection testing frameworks

Working knowledge of MITRE ATT&CK and experience using it to assess detection coverage and map threat actor TTPs

Experience contributing to post-incident reviews and implementing security improvements based on lessons learned

Solid understanding of threat actor TTPs and ability to apply threat intelligence to enhance detection and response capabilities

Experience tuning security solutions and developing automation workflows to improve monitoring effectiveness and response efficiency

Working knowledge of AWS cloud services and securing cloud environments

Ability to effectively communicate with technical and non-technical stakeholders during security incidents and investigations

Experience in payment processing, fintech, or other highly regulated environments; familiarity with PCI DSS incident handling requirements a plus

Proven ability to work independently while demonstrating sound judgment about when to engage team members or escalate issues

Willingness to mentor and support the growth of junior security professionals in incident response techniques

Recruiter:

Louise Devlin

Typical Process

Application submission

Recruiter phone or video call

Hiring manager video call

Virtual "Onsite" consisting of 4-5 interviews of 45 minutes each

Offer!

Compensation & Benefits

Premium Private Medical and Dental coverage

Generous time off program with additional “Floating Holiday days”

Retirement savings program with company contribution

Equity in a publicly traded company and an Employee Stock Purchase Program

Monthly stipend to support our remote work model

Annual development stipend to support our people's growth and development

Family-forming benefits and up to 20 weeks of Parental Leave

Wellbeing programs, e.g. Modern Health, HealthKick, and much more…
