Site Reliability Engineering - Cloud Security Engineer
Addepar is seeking an intelligent and forward-thinking security professional to join the Addepar Site Reliability Engineering (SRE) team. This exciting role within the Security Engineering and Operations team will help you define the future of the cloud at Addepar. With financial data becoming the new most valuable resource, companies are using platforms like Addepar to leverage their data's value in a governed way. As a Cloud Security Engineer, you will drive the secure design and delivery of a world-class cloud-native platform, leveraging your expertise for all areas of cloud infrastructure. Your responsibilities will include partnering with development, engineering, and cloud operations to embed security by design to enable rapid adoption and transformation of cloud services.
The SRE Cloud Security Engineer leverages extensive experience in information systems and security to develop strategies and solutions that adapt to changing threats over the long term. The architect develops architectures, solutions, and standards and works closely with other Site Reliability Engineers and IT practice leads to promote secure designs and to implement and manage Information and Cyber Security practices across Addepar.
The candidate must have a strong hands-on technical background and must demonstrate operational, architectural and security expertise at all layers of the OSI stack inclusive of the cloud. The candidate must be highly collaborative and is expected to partner with and mentor other teams effectively on an ongoing basis.
- Strong conceptual thinking and communication skills - the ability to translate complex business and technical requirements into effective and comprehensible solutions.
- Contributes to the development and maintenance of Addepar’s information security strategy.
- Works closely with enterprise architects, other functional area architects, and security specialists to ensure adequate security solutions are in place throughout all SRE systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
- Serves as a security expert in application development (including dev/sec/ops), database design, network and/or platform (operating system) efforts, helping project teams comply with enterprise and SRE security policies, industry regulations, and best practices.
- Researches, designs, and advocates new technologies, architectures, and security products supporting security requirements for the enterprise and its customers, business partners, and vendors.
- Manages multiple engagements while maintaining company quality standards, and executes projects as project leader and, at times, lead SecOps Engineer.
- Analyzes business impact and exposure, based on emerging security threats, vulnerabilities, and risks.
- Identifies regulatory, governance, and policy gaps and proposes relevant solutions.
- Develop, continuously improve, and ensure compliance with, controls built for the cloud-native platform.
- Assess technology, cybersecurity, and privacy risks within client environments and the related controls and provide practical remediation plans
- Conclude on the business impact to the organization as it relates to identified cybersecurity, technology, and/or privacy risks
- Proactively manage client issues and expectations. Understand and appreciate the firm’s model of balancing client needs with profitability
- Review and evaluate SRE environment including SRE systems, processes, and controls to ensure compliance with prevailing regulatory laws and requirements
- Work with Addepar clients to test for compliance with various prevailing regulatory laws, requirements, and standards including but not limited to Sarbanes-Oxley Act of 2002, SOC2, NYDFS, GDPR, CCPA, PCI DSS, ISO 27001, CMMC, etc.
- Ensure engagement reporting observations and recommendations are based on a complete understanding of the process, circumstances, and risk
- Prepare formal written reports providing recommendations for management to strengthen and improve operations in addition to identifying cost or efficiency savings
- Act as a Cyber Security mentor and coach to SRE and other Addepar team members
- Additional tasks include supporting the team during security incidents and investigations; working with broad teams to advance the security posture of Addepar.
- Ability to provide non-business-hours on-call support on rotation
Knowledge & Skills
- A minimum of seven years of experience with the following:
- Working knowledge of Cloud Security Framework, General Data Protection Regulation (GDPR), PCI DSS, SOC 2, ISO 27001/2, NIST 800-171/800-53/NIST 800-37 required.
- Background and understanding of the risks and controls in technologies such as web, cloud, client/server, open systems architecture, data warehousing, and imaging
- Proficient understanding of Cloud Security, Identity and Access Management, ERP, Operating Systems, Databases, and Network Infrastructure components
- Knowledge of risks and controls in emerging technologies based on Blockchain, Internet of Things (IoT), and Artificial Intelligence is a plus
- Experience managing simple and complex information technology internal audits
- Experience managing teams of various sizes across geographical boundaries
- Exceptional oral and written communication skills
- Demonstrated ability to manage client engagements and supervise staff
- CISA, CISSP, CCSK, CIPP, or CRISC required
- Bachelor’s or master’s degree in computer science, information systems or other related fields, or equivalent work experience.
- Professional security management certification, such as an (ISC)² Certified Information Systems Security Professional (CISSP), SANS GIAC Information Security Professional (GISP), GIAC Security Expert (GSE), or GIAC Certified Enterprise Defender (GCED)
- 5 to 10 years of experience required in the following:
- Extensive expertise in NIST and ISO 27000 security practice frameworks.
- Extensive hands-on experience with security infrastructures (e.g. firewalls, IDS/IPS, VPN, web content filters, proxies, DLP, SIEM, log aggregation and correlation technologies), both traditional and cloud-based
- Extensive hands-on experience operating one or more common IT infrastructures (Telecom, database, Windows and *NIX server systems, virtualization platforms, Azure Cloud IaaS)
- Proficiency with scripting/programming languages (e.g. Python, Ruby, PowerShell)
- Demonstrable expertise with configuration automation practices and toolchains (e.g. Chef, Puppet, Ansible)
- Expertise with enterprise identity and namespace services (e.g. Active Directory, LDAP, DNS, OAuth, SAML)
- Expertise with enterprise certificate management and PKI services.
- Familiarity with international data privacy and U.S. regulations and best practices.
- Familiarity with security-specific architecture methodology (e.g. SABSA).
- Familiarity with a relevant enterprise architecture methodology (e.g. Zachman Framework, TOGAF).
- Demonstrable experience creating, securing, and managing Cloud infrastructures (e.g. Microsoft Azure)
- Excellent communication skills.
Addepar is a wealth management platform that specializes in data aggregation, analytics and reporting for even the most complex investment portfolios. Founded in 2009 by Joe Lonsdale, who currently serves as an active Chairman of its Board of Directors and General Partner at 8VC, the company's platform aggregates portfolio, market and client data all in one place. It provides asset owners and advisors a clearer financial picture at every level, allowing them to make more informed and timely investment decisions. Addepar works with hundreds of leading financial advisors, family offices and large financial institutions that manage data for over $2 trillion of assets on the company's platform. In 2020, Addepar was named as a Forbes Fintech 50 company and honored as a member of the CB Insights Fintech 250. Addepar is headquartered in Silicon Valley and has offices in New York City and Salt Lake City. All brokerage services offered through Acervus Securities Inc., member FINRA / SIPC.
Addepar is proud to be an equal opportunity employer. We seek to bring together diverse ideas, experiences, skill sets, perspectives, backgrounds, and identities to drive innovative solutions. We commit to promoting a welcoming environment where inclusion and belonging are held as a shared responsibility.
In order to ensure the health and safety of all Addepeeps and our prospective candidates, we have instituted a virtual interview and onboarding experience.