Staff Cloud Security Engineer New Remote, UK

The Role

Join Addepar’s Cloud Security team as a Senior Cloud Security Engineer focused on building, automating, and maintaining security infrastructure and controls at scale. This role emphasizes AWS, Terraform, Python, and sophisticated networking. As part of the Cloud Security team, you will lead complex initiatives, collaborate closely with platform, operations, and data teams, and help establish paved roads and guardrails across a multi-account environment.

What You’ll Do

• The primary responsibility of this role will be to maintain and iterate on Addepar’s Swiss AWS environment to enforce data locality restrictions, ensure core infrastructure is secure and operational, and integrate security best practices, policies and solutions.
• Partner closely with Addepar’s Swiss Infrastructure Operations team to ensure that the highest security standards are observed across the estate.
• Contribute to the Cloud Security team’s design and hardening of a multi-account AWS environment using Organizations, Control Tower, SCPs, and custom tools and guardrails.
• Design and build secure networking and private resource access patterns for both human and programmatic use.
• Author and maintain Terraform code to deploy security infrastructure and contribute to a secure Terraform module registry.
• Write and support CI checks using policy-as-code (OPA) and IaC scanning to enforce best practices at scale.
• Automate vulnerability detection and remediation using native AWS technologies, including event-driven architecture and serverless workflows.
• Strengthen identity and secrets management with federation and role design, ABAC, IAM policy reviews, KMS strategy, and effective use of Secrets Manager and Parameter Store.
• Utilize discovery tools and cloud native logging to perform investigations, resource discovery, and troubleshooting.
• Participate in infrastructure design reviews and cloud security assessments, producing clear and actionable assessment reports.
• Partner with engineering teams to deliver secure business outcomes and measure impact through coverage, prevention, and response metrics.
• Act as an escalation point for Addepar’s Security Operations Center.

Who You Are

• 5+ years in security with 3+ years hands-on building and securing AWS in production, multi-account environments.
• Bachelor’s degree in CS/Engineering or equivalent practical experience.
• Clear written and verbal communication skills with the ability to influence across teams and mentor others.
• Expertise across AWS security best practices with deep knowledge of native AWS services.
• Advanced Terraform experience including module creation, remote execution environments, and integrating security checks into CI.
• Extensive experience with Python and the boto3 library.
• Deep networking knowledge.
• Strong Linux, container, K8s, secrets management, and CI/CD fundamentals.
• Experience with policy-as-code (OPA, Rego), GitOps (GitHub Actions, Argo CD), and Zero Trust solutions.

Our Values

• Act Like an Owner – Think and operate with intention, purpose and care. Own outcomes.
• Build Together – Collaborate to unlock the best solutions. Deliver lasting value.
• Champion Our Clients – Exceed client expectations. Our clients’ success is our success.
• Drive Innovation – Be bold and unconstrained in problem solving. Transform the industry.
• Embrace Learning – Engage our community to broaden our perspective. Bring a growth mindset.

In addition to our core values, Addepar is proud to be an equal opportunity employer. We seek to bring together diverse ideas, experiences, skill sets, perspectives, backgrounds and identities to drive innovative solutions. We commit to promoting a welcoming environment where inclusion and belonging are held as a shared responsibility.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Note: This description excludes non-relevant boilerplate such as marketing sections, external links, and extended data privacy notices that are not part of the core job responsibilities or requirements.