• Proactively monitor Marqeta’s environment for cyber threat activity and manage day-to-day security alerts through timely analysis, triage, and appropriate response actions • Serve as incident commander during security events, directing investigation strategies and coordinating cross-functional response efforts • Execute incident response activities aligned with the NIST Incident Response Lifecycle to detect, contain, eradicate, recover, and learn from cybersecurity incidents • Contribute to the maintenance and improvement of the Cybersecurity Incident Response Plan (CIRP), playbooks, runbooks, and standard operating procedures to ensure consistent and effective response operations • Participate in 24x7x365 on-call rotations, providing skilled guidance during security incidents and contributing to thorough post-incident reviews • Research threat intelligence sources and contribute to hypothesis-driven threat hunting initiatives to uncover threats in corporate and production environments • Work closely with Security Engineering to tune security solutions, enhance detection capabilities, and leverage business knowledge to improve security monitoring • Design, develop, and maintain detection logic using a detections-as-code approach, collaborating with Security Solution Engineering to deploy detections through CI/CD pipelines into our SIEM and EDR platforms • Contribute to detection coverage mapped to MITRE ATT&CK framework, identifying gaps in visibility and supporting detection development prioritization based on threat intelligence and business risk • Coordinate with HR, law enforcement, response retainers, and cyber insurers as required, including support on cyber-crime financial fraud use cases • Support the development of less-experienced security team members through knowledge sharing, pair investigations, and leading by example • Partner with Fraud, Compliance, and Risk teams on security events involving payment systems, cardholder data, or regulatory reporting obligations under PCI DSS and related frameworks

• Proactively monitor Marqeta’s environment for cyber threat activity and manage day-to-day security alerts through timely analysis, triage, and appropriate response actions • Serve as incident commander during security events, directing investigation strategies and coordinating cross-functional response efforts • Execute incident response activities aligned with the NIST Incident Response Lifecycle to detect, contain, eradicate, recover, and learn from cybersecurity incidents • Contribute to the maintenance and improvement of the Cybersecurity Incident Response Plan (CIRP), playbooks, runbooks, and standard operating procedures to ensure consistent and effective response operations • Participate in 24x7x365 on-call rotations, providing skilled guidance during security incidents and contributing to thorough post-incident reviews • Research threat intelligence sources and contribute to hypothesis-driven threat hunting initiatives to uncover threats in corporate and production environments • Work closely with Security Engineering to tune security solutions, enhance detection capabilities, and leverage business knowledge to improve security monitoring • Design, develop, and maintain detection logic using a detections-as-code approach, collaborating with Security Solution Engineering to deploy detections through CI/CD pipelines into our SIEM and EDR platforms • Contribute to detection coverage mapped to MITRE ATT&CK framework, identifying gaps in visibility and supporting detection development prioritization based on threat intelligence and business risk • Coordinate with HR, law enforcement, response retainers, and cyber insurers as required, including support on cyber-crime financial fraud use cases • Support the development of less-experienced security team members through knowledge sharing, pair investigations, and leading by example • Partner with Fraud, Compliance, and Risk teams on security events involving payment systems, cardholder data, or regulatory reporting obligations under PCI DSS and related frameworks

Role Description We are seeking a talented Vulnerability Researcher or Exploit Engineer to join our security research team. This role focuses on discovering, analyzing, and demonstrating vulnerabilities in mobile platforms (Android, iOS) and desktop operating systems (Windows). You will contribute to the development of advanced security capabilities while working with cutting-edge tools and techniques in vulnerability research, reverse engineering, and exploitation. Successful candidates will have demonstrable expertise in at least one of our target platforms and a strong foundation in security principles. - Conduct security research on mobile (Android, iOS) and desktop (Windows) platforms to identify novel vulnerabilities and attack surfaces - Develop proof-of-concept exploits and technical demonstrations of discovered vulnerabilities - Perform reverse engineering and binary analysis on platform code and third-party applications - Analyze platform architecture, system libraries, and kernel components to understand security mechanisms - Document findings with technical depth, including vulnerability chain analysis and impact assessment - Contribute to the development of automated tools and frameworks for vulnerability discovery and exploitation - Collaborate with cross-functional teams to understand customer requirements and technical constraints - Stay current with platform updates, security patches, and emerging vulnerability classes Qualifications - Hands-on experience with at least one of the following platforms: Android, iOS, or Windows - Strong understanding of operating system internals (kernel architecture, process management, memory management, IPC mechanisms) - Proficiency in reverse engineering tools and techniques (debuggers, disassemblers, binary instrumentation) - Experience with one or more programming/scripting languages (C, C++, Python, JavaScript, Java, or assembly) - Familiarity with common vulnerability classes and exploitation techniques (memory corruption, logic flaws, permission bypass, etc.) - Ability to communicate technical findings clearly in writing and through presentations - Experience working in a security-conscious environment with proper handling of sensitive vulnerability information - US citizen with ability to obtain government security clearance Requirements - Published security research, public vulnerability disclosures, or relevant conference presentations - Experience with mobile platform instrumentation and debugging (Frida, lldb, Android Studio debugger) - Expertise in wireless communications, messaging protocols (SMS, RCS, IMS), or network-level attack vectors - Proficiency with firmware analysis and hardware security concepts - Experience with malware analysis and threat research - Background in threat modeling and security architecture assessment - Experience developing automation tools for security research (test harnesses, instrumentation frameworks) - Current TS/SCI security clearance Benefits - Comfort in chaos — you do your best work when requirements are incomplete, the environment is unfamiliar, and the answer is not obvious - Customer obsession with an engineering backbone — you care deeply about outcomes, and you have the technical depth to deliver them - Intellectual honesty — you tell customers and colleagues what is true, including when the honest answer is uncomfortable or inconvenient - Bias toward action — you make informed decisions quickly, execute, and adjust; paralysis under ambiguity is not in your vocabulary - Extreme ownership — you follow problems all the way to resolution, never stopping at the handoff - Builder instinct — when something does not exist that should exist, you build it; when something is broken, you fix it rather than file a ticket about it - Restless curiosity — you go deep on customer domains, not just your own product, because you understand that credibility is built on comprehension - Clear, confident communication — you can hold your own in a boardroom and equally in a terminal window; you adjust register without losing substance

• Design, implement, and maintain scalable data pipelines and data processing systems aligned with Oportun’s data architecture standards. • Collaborate with data scientists, analysts, and engineering teams to integrate data solutions into applications, analytics platforms, and workflows. • Develop and optimize ETL/ELT processes using modern data platforms such as Databricks. • Write efficient and scalable code using Python and SQL for data transformation, validation, and ingestion. • Ensure data quality, consistency, and reliability through validation, monitoring, and testing practices. • Support data platform monitoring and troubleshooting by investigating pipeline failures and contributing to root cause analysis. • Automate repetitive data workflows to improve efficiency and scalability across data operations. • Contribute to the documentation of data pipelines, data models, and system architecture. • Partner with governance and compliance teams to ensure alignment between data practices and organizational standards. • Perform other engineering-related tasks and initiatives as assigned within the Data Engineering function.