Staff Cloud Security Engineer

Addepar is a global technology and data company that helps investment professionals provide the most informed, precise guidance for their clients. Hundreds of thousands of users have entrusted Addepar to empower smarter investment decisions and better advice over the last decade. With client presence in more than 50 countries, Addepar's platform aggregates portfolio, market and client data for over $8 trillion in assets. Addepar's open platform integrates with more than 100 software, data and services partners to deliver a complete solution for a wide range of firms and use cases. Addepar embraces a global flexible workforce model with offices in New York City, Salt Lake City, Chicago, London, Edinburgh, Pune, Dubai, and Geneva.

Join Addepar’s Cloud Security team as a Staff Cloud Security Engineer focused on building, automating, and maintaining security infrastructure and controls at scale. This role emphasizes AWS, Terraform, Python, and sophisticated networking. As part of the Cloud Security team, you will lead complex initiatives, collaborate closely with platform, operations, and data teams, and help establish paved roads and guardrails across a multi-account environment.

• The primary responsibility of this role will be to maintain and iterate on Addepar’s Swiss AWS environment to enforce data locality restrictions, ensure core infrastructure is secure and operational, and integrate security best practices, policies and solutions.
• Partner closely with Addepar’s Swiss Infrastructure Operations team to ensure that the highest security standards are observed across the estate.
• Contribute to the Cloud Security team’s design and hardening of a multi-account AWS environment using Organizations, Control Tower, SCPs, and custom tools and guardrails.
• Design and build secure networking and private resource access patterns for both human and programmatic use.
• Author and maintain Terraform code to deploy security infrastructure and contribute to a secure Terraform module registry.
• Write and support CI checks using policy-as-code (OPA) and IaC scanning to enforce best practices at scale.
• Automate vulnerability detection and remediation using native AWS technologies, including event-driven architecture and serverless workflows.
• Strengthen identity and secrets management with federation and role design, ABAC, IAM policy reviews, KMS strategy, and effective use of Secrets Manager and Parameter Store.
• Utilize discovery tools and cloud native logging to perform investigations, resource discovery, and troubleshooting.
• Participate in infrastructure design reviews and cloud security assessments, producing clear and actionable assessment reports.
• Partner with engineering teams to deliver secure business outcomes and measure impact through coverage, prevention, and response metrics.
• Act as an escalation point for Addepar’s Security Operations Center.

• 5+ years in security with 3+ years hands-on building and securing AWS in production, multi-account environments.
• Bachelor’s degree in CS/Engineering or equivalent practical experience.
• Clear written and verbal communication skills with the ability to influence across teams and mentor others.
• Expertise across AWS security best practices with deep knowledge of native AWS services.
• Advanced Terraform experience including module creation, remote execution environments, and integrating security checks into CI.
• Extensive experience with Python and the boto3 library.
• Deep networking knowledge.
• Strong Linux, container, K8s, secrets management, and CI/CD fundamentals.
• Experience with policy-as-code (OPA, Rego), GitOps (GitHub Actions, Argo CD), and Zero Trust solutions.

• Act Like an Owner - Think and operate with intention, purpose and care. Own outcomes.
• Build Together - Collaborate to unlock the best solutions. Deliver lasting value.
• Champion Our Clients - Exceed client expectations. Our clients’ success is our success.
• Drive Innovation - Be bold and unconstrained in problem solving. Transform the industry.
• Embrace Learning - Engage our community to broaden our perspective. Bring a growth mindset.

In addition to our core values, Addepar is proud to be an equal opportunity employer. We seek to bring together diverse ideas, experiences, skill sets, perspectives, backgrounds and identities to drive innovative solutions. We commit to promoting a welcoming environment where inclusion and belonging are held as a shared responsibility.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

PHISHING SCAM WARNING: Addepar is among several companies recently made aware of a phishing scam involving con artists posing as hiring managers recruiting via email, text and social media. The imposters are creating misleading email accounts, conducting remote “interviews,” and making fake job offers in order to collect personal and financial information from unsuspecting individuals. Please be aware that no job offers will be made from Addepar without a formal interview process. Additionally, Addepar will not ask you to purchase equipment or supplies as part of your onboarding process. If you have any questions, please reach out to TAinfo@addepar.com.