Security Engineer

Mountain View, CA
R&D – Engineering
Full-time
Addepar’s Security and DevOps teams focus on making our organization and our products secure while avoiding as much friction as possible. As a Security Engineer, you will have a critical role within the company, working with the Security, DevOps, IT, and Product teams. Your focus will be both proactive and reactive, offensive and defensive - ensuring that we are protecting ourselves and responding to threats appropriately, and also undertaking initiatives to improve our infrastructure and stay ahead of bad actors. 

In this role, you will use your expertise in engineering to iterate on the security roadmap - be it in the realm of application security, infrastructure security, or even organizational security. You should have a drive to automate as many recurring tasks as possible, and solid experience in Java, Python, and / or JavaScript is preferred.

Responsibilities

    • Security automation; automate recurring tasks using Python, shell scripts, etc. Let computers crunch the data so humans can watch for patterns.
    • Work with the product development team to review new features from a security perspective.
    • Create, define, implement, and refine security infrastructure initiatives.
    • Undertake both reactive and proactive incident response.
    • Work with the DevOps team to improve security monitoring and alerting.
    • Assist on regulatory audits, BCP/DR efforts, and other tasks in the InfoSec wheelhouse.
    • Evangelize security and secure coding practices across the engineering team.

Requirements

    • 4+ years of relevant work experience on an internal security team, working both on the offensive and defensive sides of security.
    • Hands-on experience working with cloud infrastructure, specifically AWS, ideally with a SaaS product.
    • Experience performing application security assessments (Burp Suite, Fiddler, etc), both blackboxing and whiteboxing 
    • Experience performing security-focused code reviews.
    • Demonstrated ability in building and/or deploying security tools to automate recurring tasks.
    • Ability to review logs from a security standpoint and identify anomalies.
    • Practical scripting and/or development experience in Java, JavaScript and/or Python.
    • [Bonus] Experience with network monitoring, traffic analysis, and penetration testing.
    • [Bonus] Direct experience working in distributed architecture with Docker/Kubernetes.
    • [Bonus] Demonstrated experience contributing or collaborating with open source projects and/or bug bounties.
Addepar is the financial operating system that brings common sense and data-driven investing to our financial world. Addepar gives asset owners and advisors a clearer financial picture at every level, all in one place. It handles all types of assets denominated in any currency. With customizable reporting, financial advisors can visualize and communicate relevant information to anyone who needs it. Secure, scalable, and fast, Addepar is purpose-built to power the global financial system. Hundreds of single and multi-family offices, wealth advisors, large financial institutions, endowments, and foundations manage over $1 trillion of assets on the Addepar platform. Addepar has offices in Mountain View, New York City, Salt Lake City.

At Addepar, we rely on a range of backgrounds, experiences, and ideas. We value diversity, and we’re proud to be an inclusive, equal opportunity workplace.