[Hiring] Cloud Security Engineer @Addi

Role Description

This is where you come in. Below, you’ll find what this role is all about—the impact you’ll drive, the challenges you’ll tackle, and what it takes to thrive at Addi. If you’re ready to be part of something big, keep reading.

What’s the mission you’ll drive:

• Own and drive cloud security across Addi's AWS infrastructure, laying the technical foundation for a mature, scalable cloud security program.
• Build CNAPP from scratch, harden the cloud environment, and establish secure infrastructure-as-code standards using Terraform.
• Reduce cloud risk while enabling the team to move fast.

What you will do:

• Conduct a comprehensive cloud security assessment across all AWS accounts within the first 60 days, producing a prioritized findings inventory and a remediation roadmap.
• Ensure 100% of critical and high-severity findings are remediated in the SLA.
• Design, configure, and operationalize CrowdStrike CNAPP from the ground up, achieving full AWS environment coverage.
• Enable continuous posture monitoring, misconfiguration detection, and threat detection across cloud workloads.
• Assess the current Terraform codebase and define secure IaC standards and best practices.
• Ensure ≥80% of new infrastructure deployments follow the defined standards.
• Own and maintain the cloud security controls required to sustain ISO 27001 certification.
• Ensure zero critical gaps in cloud-related control domains and deliver necessary evidence and documentation for ongoing audits.
• Establish continuous cloud security monitoring and alerting within CrowdStrike NG-SIEM.
• Ensure all critical cloud events are correlated and actionable, with defined SLAs for response to cloud-originated alerts.

Qualifications

• Deep AWS Security Expertise (Must-Have)
• Hands-on experience securing AWS environments, including IAM, VPC, S3, CloudTrail, GuardDuty, Security Hub, and KMS.
• Strong understanding of the AWS shared responsibility model, attack surface management, and cloud-native threat vectors.
• Proven ability to assess and harden AWS environments against CIS Benchmarks, AWS Well-Architected Security Pillar, and ISO 27001 controls.
• CNAPP / CSPM Operational Experience (Must-Have)
• Experience operating CNAPP or CSPM platforms (CrowdStrike Falcon Cloud Security, Wiz, Prisma Cloud, or equivalent) in production environments.
• Ability to configure detection rules, suppress false positives, and translate posture findings into actionable remediation tasks for engineering teams.
• Comfortable building cloud security dashboards and reporting for technical and non-technical audiences.
• Cloud Vulnerability & Risk Management (Must-Have)
• Experience managing cloud security findings end to end, from identification and prioritization through remediation tracking and closure.
• Ability to assess risk based on exploitability, exposure, and business impact rather than CVSS score alone.
• Track record of driving cross-functional remediation with engineering and platform teams.
• Collaboration & Communication (Must-Have)
• Comfortable working as an individual contributor embedded in a cybersecurity team, partnering closely with platform and engineering teams.
• Able to translate complex cloud security risks into clear, prioritized recommendations for both technical and business stakeholders.
• Terraform & Secure IaC (Nice to Have)
• Hands-on experience writing and reviewing Infrastructure as Code in production AWS environments.
• Experience implementing security controls within IaC pipelines, including static analysis tools (e.g., Checkov, tfsec), secrets detection, and least privilege IAM patterns.
• Ability to assess existing infrastructure code, identify security gaps, and drive adoption of secure coding standards across engineering teams.
• Compliance & Audit Support (Nice-to-Have)
• Familiarity with ISO 27001 requirements as they apply to cloud environments.
• Experience gathering and maintaining evidence for cloud-related control domains in support of audits and certifications.

Benefits

• Work on a problem that truly matters – redefining how people shop, pay, and bank in Colombia.
• Be part of something big from the ground up – help shape a company, influencing technology, strategy, culture, and values.
• Unparalleled growth opportunity – work in a high-impact role in a rapidly scaling company.
• Join a world-class team – collaborate with top-tier talent in an environment focused on excellence and ownership.
• Competitive compensation & meaningful ownership – receive a generous salary, equity, and comprehensive benefits.

How the hiring process looks like

• Step 1: People Interview (30 min) - A conversation with a recruiter or hiring manager.
• Step 2: Initial Interview (45 min) - An in-depth conversation with our Engineering Manager.
• Step 3: Case Study (3-5 Days) - A real-world challenge or case study to complete.
• Step 4: Deep Dive Interview (30 min) - Meet future colleagues and cross-functional team members.
• Step 5: Co-Founder Interview - A final conversation with our Founder to align on expectations and cultural fit.