Staff Cloud Security Engineer

Addepar is a global data and AI platform empowering investment professionals to turn complex financial information into actionable intelligence. It unifies portfolio, market, and client data in a total portfolio view and delivers AI-powered insights within investment and client workflows. More than 1,400 firms in nearly 60 countries use Addepar to manage and advise on nearly $9 trillion in assets. The platform integrates with nearly 650 software, data, and consulting partners to power end-to-end investment operations across firms of all sizes and complexity. Addepar supports clients worldwide with offices in New York City, Salt Lake City, London, Edinburgh, Pune, Dubai, Geneva, and São Paulo.

• Extensive experience in security with several years of hands-on building and securing AWS in production, multi-account environments
• Bachelor’s degree in CS/Engineering or equivalent practical experience
• Clear written and verbal communication skills with the ability to influence across teams and mentor others
• Expertise across AWS security best practices with deep knowledge of native AWS services
• Advanced Terraform experience including module creation, remote execution environments, and integrating security checks into CI
• Extensive experience with Python and the boto3 library
• Deep networking knowledge
• Strong Linux, container, Kubernetes, secrets management, and CI/CD fundamentals
• Experience with policy-as-code (OPA, Rego), GitOps (GitHub Actions, Argo CD), and Zero Trust solutions

• Maintain and iterate on Addepar’s Swiss AWS environment to enforce data locality restrictions, ensure core infrastructure is secure and operational, and integrate security best practices, policies, and solutions
• Partner closely with Addepar’s Swiss Infrastructure Operations team to ensure the highest security standards are observed across the estate
• Contribute to the Cloud Security team’s design and hardening of a multi-account AWS environment using Organizations, Control Tower, SCPs, and custom tools and guardrails
• Design and build secure networking and private resource access patterns for both human and programmatic use
• Author and maintain Terraform code to deploy security infrastructure and contribute to a secure Terraform module registry
• Write and support CI checks using policy-as-code (OPA) and IaC scanning to enforce best practices at scale
• Automate vulnerability detection and remediation using native AWS technologies, including event-driven architecture and serverless workflows
• Strengthen identity and secrets management with federation and role design, ABAC, IAM policy reviews, KMS strategy, and effective use of Secrets Manager and Parameter Store
• Utilize discovery tools and cloud native logging to perform investigations, resource discovery, and troubleshooting
• Participate in infrastructure design reviews and cloud security assessments, producing clear and actionable assessment reports
• Partner with engineering teams to deliver secure business outcomes and measure impact through coverage, prevention, and response metrics
• Act as an escalation point for Addepar’s Security Operations Center

Applicants must have legal authorization to work in the country where this role is based on the first day of employment. Visa sponsorship is not available for this position.

PHISHING SCAM WARNING: Addepar warns about phishing scams involving imposters posing as hiring managers. No job offers will be made without a formal interview process. Addepar will not ask candidates to purchase equipment or supplies as part of onboarding.