Offensive Security Engineer New Remote, UK

Overview

Addepar is a global technology and data company that helps investment professionals provide the most informed, precise guidance for their clients. Addepar’s platform aggregates portfolio, market and client data for trillions in assets and integrates with numerous software, data and services partners. Addepar embraces a global flexible workforce model with offices in New York City, Salt Lake City, Chicago, London, Edinburgh, Pune and Dubai.

The Role

A member of the Security Engineering team at Addepar has a broad range of responsibilities and security expertise used to solve unique problems and help build the most secure platform for our clients. We are looking for an experienced Security Engineer who is a self-starter, takes ownership of their work, and thrives in a collaborative environment. Our Security Engineers contribute to initiatives across the Secure SDLC, cloud security, internal assessments, and more. This role’s primary focus is to emulate real attackers, turn findings into fixes, and raise the bar through tooling, purple teaming, and hands-on testing across Addepar’s stack.

What You’ll Do

• Own offensive engagements, including red teams and assumed‑breach exercises, adversary emulation, and goal‑driven purple team work aligned to real threats and business impact
• Test applications and APIs end‑to‑end: authNZ flows, business logic, and modern web patterns; deliver clear PoCs that demonstrate impact and paths to fix
• Evaluate cloud and infrastructure attack paths, such as identity/IAM escalation, network segmentation, secrets exposure, container/orchestration risks and validate exploit chains safely
• Turn findings into action: triage and validate vulnerabilities, partner with engineers on pragmatic remediation, verify fixes, and prevent class‑repeat issues by collaborating with AppSec and CloudSec to build secure‑by‑default patterns
• Act as an offensive security subject-matter expert to help triage issues with our SOC
• Mentor and coach junior Security Engineers through their assessments, and support our Security Champions
• Identify, validate, and triage vulnerabilities from multiple sources. Act as a trusted partner to engineering teams by guiding remediation and improving overall security posture

Who You Are

• 4+ years of experience in an information security-related role
• Bachelor’s degree or higher, preferably in Computer Science, Engineering, or a related field
• A passion for security and a desire to work on a high-tempo, supportive team where you can continue learning on the job
• Strong understanding of networking (including the OSI model), HTTP protocol, and core Application Security principles
• Ability to build strong relationships and work effectively across teams and functions
• Excellent verbal and written communication skills, with the ability to deliver results under time-sensitive conditions
• Proficient in one or more programming languages, including at least one scripting language
• OSCP (or similar) certification
• Experience with AWS is a strong plus
• CTF participation is a bonus

Our Values

• Act Like an Owner – Think and operate with intention, purpose and care. Own outcomes.
• Build Together – Collaborate to unlock the best solutions. Deliver lasting value.
• Champion Our Clients – Exceed client expectations. Our clients’ success is our success.
• Drive Innovation – Be bold and unconstrained in problem solving. Transform the industry.
• Embrace Learning – Engage our community to broaden our perspective. Bring a growth mindset.

Addepar is an equal opportunity employer. We seek to bring together diverse ideas, experiences, skill sets, perspectives, backgrounds and identities to drive innovative solutions. We commit to promoting a welcoming environment where inclusion and belonging are held as a shared responsibility.