Senior Security Engineer - Detection & Response - EU/UK

Remote, UK

We are seeking a UK-based Senior Security Engineer to join our Security Operations and Response Team as a senior individual contributor.

In this role, you will investigate and respond to security incidents across Marqeta's environment, proactively monitor for cyber threats, and serve as incident commander during security events of varying severity. You will contribute to the development and improvement of response methodologies aligned with the NIST Incident Response Lifecycle and help maintain cybersecurity incident response documentation. This position requires strong expertise in incident response, digital forensics, threat hunting, and security monitoring technologies. You will collaborate across teams, contribute to detection engineering efforts, and participate in 24x7 on-call rotations. The role reports to the Manager of Security Operations and Response.

This role can be performed remotely anywhere in the UK, or from our London, UK office.

We'd love for you to join us!

The Impact You'll Have

- Proactively monitor Marqeta's environment for cyber threat activity and manage day-to-day security alerts through timely analysis, triage, and appropriate response actions
- Serve as incident commander during security events, directing investigation strategies and coordinating cross-functional response efforts
- Execute incident response activities aligned with the NIST Incident Response Lifecycle to detect, contain, eradicate, recover, and learn from cybersecurity incidents
- Contribute to the maintenance and improvement of the Cybersecurity Incident Response Plan (CIRP), playbooks, runbooks, and standard operating procedures to ensure consistent and effective response operations
- Participate in 24x7x365 on-call rotations, providing skilled guidance during security incidents and contributing to thorough post-incident reviews
- Research threat intelligence sources and contribute to hypothesis-driven threat hunting initiatives to uncover threats in corporate and production environments
- Work closely with Security Engineering to tune security solutions, enhance detection capabilities, and leverage business knowledge to improve security monitoring
- Design, develop, and maintain detection logic using a detections-as-code approach, collaborating with Security Solution Engineering to deploy detections through CI/CD pipelines into our SIEM and EDR platforms
- Contribute to detection coverage mapped to MITRE ATT&CK framework, identifying gaps in visibility and supporting detection development prioritization based on threat intelligence and business risk
- Coordinate with HR, law enforcement, response retainers, and cyber insurers as required, including support on cyber-crime financial fraud use cases
- Support the development of less-experienced security team members through knowledge sharing, pair investigations, and leading by example
- Partner with Fraud, Compliance, and Risk teams on security events involving payment systems, cardholder data, or regulatory reporting obligations under PCI DSS and related frameworks

Who You Are

- 5+ years of hands-on experience in security operations with strong expertise in incident response, digital forensics, and threat hunting
- Experience serving as an incident commander or leading incident response workstreams, with the ability to make sound decisions under pressure
- Strong knowledge of the NIST Incident Response Lifecycle and experience contributing to incident response documentation and procedures
- Proficiency with security monitoring and forensic tools including EDR, SIEM, and SOAR systems
- Experience developing detections-as-code, including familiarity with version control, CI/CD pipelines, and detection testing frameworks
- Working knowledge of MITRE ATT&CK and experience using it to assess detection coverage and map threat actor TTPs
- Experience contributing to post-incident reviews and implementing security improvements based on lessons learned
- Solid understanding of threat actor TTPs and ability to apply threat intelligence to enhance detection and response capabilities
- Experience tuning security solutions and developing automation workflows to improve monitoring effectiveness and response efficiency
- Working knowledge of AWS cloud services and securing cloud environments
- Ability to effectively communicate with technical and non-technical stakeholders during security incidents and investigations
- Experience in payment processing, fintech, or other highly regulated environments; familiarity with PCI DSS incident handling requirements a plus
- Proven ability to work independently while demonstrating sound judgment about when to engage team members or elevate issues
- Willingness to mentor and support the growth of junior security professionals in incident response techniques

Benefits

- Premium Private Medical and Dental coverage
- Generous time off program with additional “Floating Holiday days”
- Retirement savings program with company contribution
- Equity in a publicly-traded company and an Employee Stock Purchase Program
- Monthly stipend to support our remote work model
- Annual development stipend to support our people's growth and development
- Family-forming benefits and up to 20 weeks of Parental Leave
- Wellbeing programs i.e. Modern Health, HealthKick and much more

Equal Employment Opportunity, Accommodations and Privacy

Marqeta is an equal opportunity employer committed to an inclusive workplace that fosters belonging. We do not discriminate based on race, color, religion, sex (including pregnancy, lactation, childbirth, or related medical conditions), veteran status or uniformed service member status, age, national origin or ancestry, citizenship or immigration status, physical or mental disability, gender identity, gender expression, sexual orientation, genetic information (including testing or characteristics) or any other characteristic protected by applicable law. We also consider qualified applicants with criminal histories, consistent with legal requirements.

Marqeta endeavors to make reasonable accommodations for applicants with disabilities. If you are an individual with a disability and require a reasonable accommodation to submit this application, complete any pre-employment testing, or otherwise participate in the employee selection process, please submit this form with your specific accommodation request.

Personal data that is provided as part of the application and recruitment process is processed in accordance with the Applicant Privacy Notice. Additional information for California residents can be found here.