Information Security at Addepar is committed to making our organization, products, and services as secure as possible. Product (Application) Security plays an integral role in defining the security narrative for the Product and Engineering teams, ensuring security is embedded into existing and new services Addepar launches. Product Security engineers use a pragmatic, empathetic, and timely approach to provide actionable advice while also considering the challenges in delivering high-quality products and services. Our mission is to enable Addepar to safely and securely launch new initiatives and services promptly.
As a Senior Product Security Engineer, you deeply understand the technology stack used at Addepar; you aim to identify and eliminate security vulnerabilities proactively. Your focus is forward-facing, building tools and services that ensure the safety of the Addepar platform and its valued client data against commonly known attacks. You will lead within the Information Security team by scoping and delivering tooling and services while mentoring your teammates to ensure they are delivering in line with our team culture and practices.
The Product Security team works on the following:
* Perform application threat modeling
* Create the guiding application security documentation and advice to engineers
* Coordinate and perform manual and automated code tests
* Ownership and coordination of automation initiatives and projects
* Ownership and coordination of the periodic application penetration tests and Bug Bounty program
* Perform ad-hoc application and code security scans
* Conduct analysis and share the root cause of common security issues within the code and how to avoid them
* Act as the technical leader and mentor within Information Security as well as Product and Engineering teams
We expect each Product Security Engineer to add a unique set of expertise that contributes to the essential skill of relating to software developers. As a senior member of the team, you are well-versed in the following domains:
* 5+ years of relevant work experience on an internal security team, working either on the offensive or defensive sides of security
* Demonstrate the ability to understand and discover attack surfaces, live and breathe commonly known attacks such as Cross-Site Scripting and Remote Code Execution, while navigating the source code comfortably
* Demonstrate a firm understanding of cryptographic dos and don'ts
* Have built and implemented security tooling and solutions in the product lifecycle, including security tooling for the Continuous Integration and Deployment pipeline
* Familiarity and previous experience using Metasploit, Burp Suite, fuzzing, and Jenkins strongly preferred
* Possess the restless ability and desire to break things
* Demonstrate an understanding of application architectural patterns, such as MVC, microservices, event-driven architectures, etc.
Addepar is the financial operating system that brings common sense and data-driven investing to our financial world. Addepar gives asset owners and advisors a clearer financial picture at every level, all in one place. It handles all types of assets denominated in any currency. With customizable reporting, financial advisors can visualize and communicate relevant information to anyone who needs it. Secure, scalable, and fast, Addepar is purpose-built to power the global financial system. Hundreds of single and multi-family offices, wealth advisors, large financial institutions, endowments, and foundations manage over $1 trillion of assets on the Addepar platform. Addepar has offices in Mountain View, New York City, and Salt Lake City.
At Addepar, we rely on a range of backgrounds, experiences, and ideas. We value diversity, and we're proud to be an inclusive, equal opportunity workplace.