Security Operations Intern at Mqreferrals

As Marqeta’s Security Operations Intern, you will gain hands-on experience building and validating security operations capabilities for a publicly traded payments technology company. You’ll join the Security Operations and Response team within the Product and Infrastructure Security organization, where you’ll validate and formalize incident response procedures, develop SOAR-based runbook automations, and design tabletop exercises that test our operational readiness against real-world threat scenarios. This role is grounded in security operations fundamentals—procedure development, incident response methodology, and team coordination—with opportunities for exposure to detection engineering and automation workflows. We work Flexible First. This role can be performed remotely anywhere within Ontario or British Columbia, Canada. We’d love for you to join us! This will be a 12 week internship program, beginning on June 1st and running through August 21st, 2026. This position is not for an existing vacancy. The Impact You’ll Have • Validate and formalize incident response procedures aligned to Marqeta’s Cybersecurity Incident Response Plan (CIRP), ensuring documentation is accurate, current, and actionable for both human operators and AI-assisted workflows • Develop SOAR runbook automations in Cortex XSOAR that operationalize validated procedures, translating human-readable response steps into repeatable, automated workflows • Design and facilitate a series of tabletop exercises within the Security organization that test procedure effectiveness, team coordination, and escalation paths across security functions including Security Operations, Compliance/TPRM, and Identity • Contribute to post-exercise improvement reports that drive measurable enhancements to Marqeta’s security posture and operational readiness • Gain exposure to detection engineering and automation workflows, including opportunities to observe and contribute to the team’s detections-as-code pipeline and MITRE ATT&CK coverage mapping Who You Are • Currently pursuing a Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Systems, or a related field, with an expected graduation date between December 2025 and June 2027 • Foundational knowledge of security operations concepts including log analysis, intrusion detection, incident response lifecycles (NIST or similar), and common attack techniques • Familiarity with at least one scripting or programming language (Python, Bash, or similar) and comfort working in Linux and cloud environments (AWS preferred) • Strong written communication skills with the ability to translate technical processes into clear, structured documentation suitable for both operational use and executive audiences • Interest in incident response methodology, security procedure development, and operational readiness—you care about how security teams actually execute under pressure • A proactive, detail-oriented approach to problem-solving with the ability to work independently while knowing when to escalate or ask for guidance Nice-To-Haves • Relevant certifications or coursework such as CompTIA Security+, CySA+, BTL1, or GIAC certifications • Experience with SOAR platforms (Cortex XSOAR, Tines, or similar), SIEM platforms, or EDR tools • Prior internship, co-op, or project experience in a security operations center (SOC) or incident response context • Understanding of or interest in the MITRE ATT&CK framework and how it applies to detection and response operations • Exposure to compliance frameworks relevant to financial services such as PCI DSS • Experience facilitating exercises, workshops, or structured reviews in any context Typical Process • Application Submission • Recruiter Video Call • Hiring Manager Video Call • Final Round consisting of 1-2, 45-60 min calls • Offer! At this point, we hope you're feeling excited about the role. You're encouraged to apply even if your experience doesn't precisely match the job description. Your skills and passion will stand out—and set you apart—especially if your career has taken some extraordinary twists and turns. We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates, so again, don’t hesitate to apply — we’d love to hear from you. Compensation and Benefits Marqeta is a Flex First company which allows you to choose your best working environment, whether that be from home or at a company office. To support Flex First, we calibrate pay to a competitive value according to working location. When determining pay, we consider several factors including, but not limited to, skills, prior experience, and work location. The 2026 Internship hourly rate, reflected in CAD, is: 37/hr Along with monetary compensation, Marqeta offers For Interns: • Paid Holidays • A Remote, Flex First Environment • A Mentor and Intern Buddy • Real Life Projects For Full Time Employees: • Multiple health insurance options • Flexible vacation time • Retirement savings program with company contribution • Equity in a publicly-traded company • Monthly stipend to support our remote work model • Annual “development dollars” to support our people growth and development • Family-forming benefits and up to 20 weeks of Parental Leave