Offensive Security Engineer

Who We Are

Addepar is a global technology and data company that helps investment professionals provide the most informed, precise guidance for their clients. Hundreds of thousands of users have entrusted Addepar to empower smarter investment decisions and better advice over the last decade. With client presence in more than 50 countries, Addepar's platform aggregates portfolio, market and client data for over $8 trillion in assets. Addepar's open platform integrates with more than 100 software, data and services partners to deliver a complete solution for a wide range of firms and use cases. Addepar embraces a global flexible workforce model with offices in New York City, Salt Lake City, Chicago, London, Edinburgh, Pune and Dubai.

The Role

A member of the Security Engineering team at Addepar has a broad range of responsibilities and security expertise that is used to solve unique problems and help build the most secure platform for our clients. We are looking for an experienced Security Engineer who is a self-starter, takes ownership of their work, and thrives in a collaborative environment. Our Security Engineers contribute to initiatives across the Secure SDLC, cloud security, internal assessments, and much more! This role’s primary focus is to emulate real attackers, turn findings into fixes, and raise the bar through tooling, purple teaming, and hands-on testing across Addepar’s stack.

What You’Ll Do

• Own offensive engagements, including red teams and assumed‑breach exercises, adversary emulation, and goal‑driven purple team work aligned to real threats and business impact
• Test applications and APIs end‑to‑end: authNZ flows, business logic, and modern web patterns; deliver clear PoCs that demonstrate impact and paths to fix
• Evaluate cloud and infrastructure attack paths, such as identity/IAM escalation, network segmentation, secrets exposure, container/orchestration risks and validate exploit chains safely
• Turn findings into action: triage and validate vulnerabilities, partner with engineers on pragmatic remediation, verify fixes, and prevent class‑repeat issues by collaborating with AppSec and CloudSec to build secure‑by‑default patterns
• Act as an offensive security subject-matter expert to help triage issues with our SOC
• Mentor and coach junior Security Engineers’ through their assessments, and support our Security Champions
• Identify, validate, and triage vulnerabilities from multiple sources. Act as a trusted partner to engineering teams by guiding remediation and improving overall security posture

Who You Are

• 4+ years of experience in an information security-related role
• Bachelor’s degree or higher, preferably in Computer Science, Engineering, or a related field
• A passion for security and a desire to work on a high-tempo, supportive team where you can continue learning on the job
• Strong understanding of networking (including the OSI model), HTTP protocol, and core Application Security principles
• Ability to build strong relationships and work effectively across teams and functions
• Excellent verbal and written communication skills, with the ability to deliver results under time-sensitive conditions
• Proficient in one or more programming languages, including at least one scripting language
• Hands-on penetration testing experience
• OSCP (or similar) certification
• Experience with AWS is a strong plus
• CTF participation is a bonus

Our Values

• Act Like an Owner - Think and operate with intention, purpose and care. Own outcomes.
• Build Together - Collaborate to unlock the best solutions. Deliver lasting value. 
• Champion Our Clients - Exceed client expectations. Our clients’ success is our success. 
• Drive Innovation - Be bold and unconstrained in problem solving. Transform the industry. 
• Embrace Learning - Engage our community to broaden our perspective. Bring a growth mindset. 

In addition to our core values, Addepar is proud to be an equal opportunity employer. We seek to bring together diverse ideas, experiences, skill sets, perspectives, backgrounds and identities to drive innovative solutions. We commit to promoting a welcoming environment where inclusion and belonging are held as a shared responsibility.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

PHISHING SCAM WARNING: Addepar is among several companies recently made aware of a phishing scam involving con artists posing as hiring managers recruiting via email, text and social media. The imposters are creating misleading email accounts, conducting remote “interviews,” and making fake job offers in order to collect personal and financial information from unsuspecting individuals. Please be aware that no job offers will be made from Addepar without a formal interview process. Additionally, Addepar will not ask you to purchase equipment or supplies as part of your onboarding process. If you have any questions, please reach out to TAinfo@addepar.com.