Marqeta

Manager, Vulnerability & Data Security

full-time

Location Type: Remote

Location: Remote • 🇺🇸 United States

Salary

💰 $167,100 - $208,900 per year

Job Level

Senior, Lead

Tech Stack

AWS, Azure, Cloud, Google Cloud Platform, Ruby on Rails, SDLC

About the role

  • Lead program strategy and operations: asset coverage, scanning cadence, prioritization, and measurable risk reduction using Tenable (Nessus/SC/IO) and Snyk.
  • Integrate Tenable and Snyk findings into engineering backlogs with clear SLAs; partner with SRE, platform, and application teams to drive remediation.
  • Establish risk-based prioritization (CVSS, KEV, EPSS, exploitability, business criticality) and publish dashboards for transparency to leadership.
  • Mature patching and configuration baselines; build preventative controls and secure-by-default guardrails.
  • Coordinate vulnerability disclosure, pen test intake, and threat-driven campaigns for actively exploited CVEs.
  • Report program health, trends, and exceptions to security leadership and auditors.
  • Establish clear data ownership and stewardship across critical datasets; define roles, responsibilities, and decision rights.
  • Define and enforce data classification, access, and usage policies; drive best practices and guardrails for least privilege and segregation of duties.
  • Operationalize Sentra (DSPM) and Google DLP to monitor data exposure and access risks; drive timely remediation with accountable teams.
  • Build data lifecycle controls (creation, storage, use, sharing, archival, destruction) and technical guardrails embedded in platforms and workflows.
  • Ensure compliance with data protection regulations (e.g., PCI, SOX); partner on control design, testing, and evidence collection.
  • Collaborate with Security, Legal, Privacy, and Data teams to protect data across its lifecycle and enable safe analytics/product use cases.
  • Develop metrics (DLP incidents, misconfigurations, toxic combinations, stale sensitive datasets, policy violations) and report to leadership.

Requirements

  • 7–10+ years in information security with 3+ years leading programs or teams; regulated/fintech experience preferred.
  • Hands-on depth managing vulnerabilities at scale with Tenable and Snyk across cloud-native, containers, endpoints, and CI/CD.
  • Practical experience building/maturing data security programs with Sentra (DSPM) and Google DLP; strong policy design and enforcement.
  • Partner management across engineering, data, and compliance; able to translate risk into actionable plans and measurable outcomes.
  • Familiarity with PCI and SOX; knowledge of SDLC, DevSecOps, and cloud security architectures (AWS/GCP/Azure).
  • Comfort with IAM/IGA, SIEM, CNAPP, and ticketing/workflow integrations; solid grasp of data governance concepts (stewardship, lineage).
  • Excellent communication and reporting—clear narratives, crisp metrics, executive-ready updates.
  • Certifications such as CISSP or CISM are a plus.

Benefits

  • Multiple health insurance options
  • Flexible time off – take what you need
  • Retirement savings program with company contribution and after-tax contributions
  • Equity in a publicly traded company and an Employee Stock Purchase Program
  • Family-forming benefits, fertility support, and up to 20 weeks of Parental Leave
  • Free therapy sessions, financial and professional coaching, and legal advice
  • Monthly stipend to support our remote work model
  • Annual “development dollars” to support our people's growth and development
  • Through Flex First, the freedom to live and work wherever you and your family thrive

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

vulnerability management, data security program development, risk-based prioritization, data lifecycle controls, policy design and enforcement, cloud security architecture, data governance, metrics development, remediation strategies, compliance with data protection regulations

Soft skills

leadership, communication, collaboration, partner management, translating risk into actionable plans, reporting, decision making, data stewardship, organizational skills, problem solving

Certifications

CISSP, CISM