Staff Cloud Security Engineer

Who We Are

Addepar is a global data and AI platform empowering investment professionals to turn complex financial information into actionable intelligence. Addepar unifies portfolio, market and client data in a total portfolio view and delivers AI-powered insights within investment and client workflows. More than 1,400 firms in nearly 60 countries use Addepar to manage and advise on nearly $9 trillion in assets. Its open platform integrates with nearly 650 software, data and consulting partners to power end-to-end investment operations across firms of all sizes and complexity. Addepar supports clients worldwide with offices in New York City, Salt Lake City, London, Edinburgh, Pune, Dubai, Geneva and São Paulo.

The Role

Join Addepar’s Cloud Security team as a Sr. Cloud Security Engineer focused on building, automating, and maintaining security infrastructure and controls at scale. This role emphasizes AWS, Terraform, Python, and sophisticated networking. As part of the Cloud Security team, you will lead complex initiatives, collaborate closely with platform, operations, and data teams, and help establish paved roads and guardrails across a multi-account environment.

Applicants must have legal authorization to work in the country where this role is based on the first day of employment. Visa sponsorship is not available for this position.

What You’ll Do

The primary responsibility of this role will be to maintain and iterate on Addepar’s Swiss AWS environment to enforce data locality restrictions, ensure core infrastructure is secure and operational, and integrate security best practices, policies and solutions

Partner closely with Addepar’s Swiss Infrastructure Operations team to ensure that the highest security standards are observed across the estate

Contribute to the Cloud Security team’s design and hardening of a multi-account AWS environment using Organizations, Control Tower, SCPs, and custom tools and guardrails

Design and build secure networking and private resource access patterns for both human and programmatic use

Author and maintain Terraform code to deploy security infrastructure and contribute to a secure Terraform module registry

Write and support CI checks using policy-as-code (OPA) and IaC scanning to enforce best practices at scale

Automate vulnerability detection and remediation using native AWS technologies, including event-driven architecture and serverless workflows

Strengthen identity and secrets management with federation and role design, ABAC, IAM policy reviews, KMS strategy, and effective use of Secrets Manager and Parameter Store

Utilize discovery tools and cloud native logging to perform investigations, resource discovery, and troubleshooting

Participate in infrastructure design reviews and cloud security assessments, producing clear and actionable assessment reports

Partner with engineering teams to deliver secure business outcomes and measure impact through coverage, prevention, and response metrics

A