Senior Security Engineer - Cloud Identity
MqreferralsRole Overview
Mqreferrals is hiring a Senior Security Engineer - Cloud Identity. This is a full-time role in Toronto, Canada; Vancouver. Part of Mqreferrals's Lifecycle hiring, posted 2 weeks ago. Full responsibilities, required qualifications, and the apply link are listed in the description below.
Salary Context
Salary is not disclosed in this posting. Market median for Senior-level Lifecycle roles is $130k-$185k (based on 33 comparable listings). Many employers share specifics during the interview process or after an initial screen.
Resume Keywords to Include
Make sure these keywords appear in your resume to improve ATS scoring
Job description
We’re seeking an experienced Senior Security Engineer with a strong passion for Identity and Access Management(IAM) and proven expertise in cloud-native environments, particularly AWS. In this role, you’ll help shape and implement modern identity strategies to secure access across all of Marqeta’s systems and services—100% cloud-based, with no data center footprint.
Join us in building a secure, scalable, and frictionless IAM program where you’ll play a crucial part in:
- Building and evolving our Identity Governance and Administration (IGA) capabilities.
- Implementing & Operating Privileged Access Management (PAM) in a cloud-first (AWS-focused) environment.
- Designing and architecting a Certificate Lifecycle Management solution that supports cloud-native workloads.
- Driving integration of IAM across AWS services, SaaS platforms, and developer/DevOps pipelines.
- Designing identity and access controls to protect AI/ML systems—ensuring secure access to training data, models, and inference APIs.
The Impact You’ll Have
- Develop and lead implementation of robust IAM strategies aligned with cloud-native architecture and security principles.
- Expand and operationalize the IAM program across IGA, PAM, SSO, MFA, access management, secrets management, and certificate lifecycle.
- Automate identity provisioning, de-provisioning, and access reviews using AI tools and infrastructure-as-code.
- Design IAM integrations for AWS-native services (Lambda, EC2, S3, IAM, etc.), SaaS platforms, and third-party identity tools (e.g., Okta, CyberArk).
- Promote and enforce least privilege and zero-trust principles through scalable access controls and policy automation.
- Mentor junior engineers and serve as a technical lead for IAM-related projects.
- Collaborate with Security, DevOps, and Infrastructure teams to embed IAM controls across the engineering lifecycle.
- Stay ahead of emerging trends and continuously refine IAM strategy based on evolving cloud threats and compliance requirements.
Who You Are
- A minimum of 8 years related experience with a Bachelor’s degree; or 5 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience.
- Strong experience with IAM tools (e.g., Okta, CyberArk, Ping, SailPoint).
- Deep knowledge of IAM in cloud-native environments, especially AWS IAM, roles, policies, permissions boundaries, and federation.
- Proficiency in infrastructure-as-code (e.g., Terraform, CloudFormation).
- Familiarity with authentication and authorization protocols (SAML, OAuth2, OpenID Connect, Kerberos).
- Strong grasp of directory services like Active Directory, LDAP, and cloud-based alternatives.
- Hands-on skills in scripting (e.g., Python, PowerShell) to automate IAM operations.
- Solid understanding of compliance standards: NIST, SOC 2, PCI DSS, etc.
- Proven experience integrating IAM into CI/CD pipelines, secrets management, and DevOps workflows.
- Excellent communication skills and ability to influence and lead cross-functional teams.
Nice to have
- Relevant certifications such as CISSP, CISM, or IAM-specific credentials (e.g., CIAM/CAMS, CyberArk Certified, Okta Certified Consultant).
- Experience with AWS technologies such as Lambda, S3, DynamoDB, RDS, Aurora, SNS, SQS, CloudTrail, CloudWatch, Code Pipeline, AWS Developer Tools, and IAM roles and permissions
- Experience with DevOps tools and practices, including secrets management and CICD pipelines
Manager
- Sandeep Chotwani
Recruiter for this role
- Kayla Osuna
Compensation and Benefits
Marqeta is a Flex First company which allows you to choose your best working environment, whether that be from home or at a company office. To support Flex First, we calibrate pay to a competitive value according to working location.
When determining salaries, we consider several factors including, but not limited to, skills, prior experience, and work location. The new-hire base salary range for this position, reflected in CAD, is: 136,800 - 171,000
We also believe in recognizing the contributions of our people. That's why we award annual bonuses to eligible employees, rewarding both individual performance and the success of the entire company.
Along with monetary compensation, Marqeta offers
- Multiple health insurance options
- Flexible vacation time
- Retirement savings program with company contribution
- Equity in a publicly-traded company
- Monthly stipend to support our remote work model
- Annual “development dollars” to support our people growth and development
- Family-forming benefits and up to 20 weeks of Parental Leave
About Mqreferrals
Mqreferrals
38 other open roles at Mqreferrals on TryApplyNow.
Frequently Asked Questions
How do I apply for the Senior Security Engineer - Cloud Identity position at Mqreferrals?
Use the Apply button above to submit your application directly to Mqreferrals. Most applications take less than 5 minutes if your resume and contact details are ready, and you'll be routed to the employer's official application system to finish.
Where is the Senior Security Engineer - Cloud Identity position at Mqreferrals located?
This position is based in Toronto, Canada; Vancouver. Mqreferrals has not indicated remote or hybrid options for this role, so candidates should plan for on-site work.
What does a Senior Security Engineer - Cloud Identity at Mqreferrals earn?
Mqreferrals has not disclosed a salary range in this posting. Many employers share specifics later in the interview process; you can also ask during a recruiter screen if compensation transparency is important to you.
When was the Senior Security Engineer - Cloud Identity role at Mqreferrals posted?
This role was posted on June 25, 2026 (14 days ago). It's still listed as actively hiring; we re-confirm openings against the source system multiple times per day and remove closed roles.
How much experience does the Senior Security Engineer - Cloud Identity role at Mqreferrals require?
This is a senior-level position. Most senior roles call for 5+ years of directly relevant experience. Mqreferrals lists their specific requirements in the description below, so review the must-have qualifications closely before applying.
Similar Jobs
Senior Software Engineer - Developer Infrastructure
Klaviyo
Senior Security Engineer - Detection and Response
Klaviyo
Senior Security Engineer - Detection and Response
Klaviyo
Senior Director, Product Marketing
Klaviyo
Senior Director, Product Marketing
Klaviyo
More Jobs at Mqreferrals
View all →AI-powered job search
Get every job scored to your resume
Upload your resume and get jobs ranked, your resume tailored, and employee contacts found automatically.
Get started freeNo credit card to start