Senior Security Engineer, Privacy

Overview

Job Description

Responsibilities

• - Embed privacy-by-design principles into Docker products, services, and internal platforms, aligned with ISO/IEC 27001, ISO/IEC 27701, SOC 2, and global privacy regulations.
• - Partner closely with Docker engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines.
• - Design, develop, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness.
• - Implement and customize GRC and privacy tooling using APIs, scripting, and automation to streamline evidence collection, control validation, and compliance operations.
• - Lead and automate data discovery, classification, and data mapping across Docker systems to maintain accurate Records of Processing Activities (RoPA) and support data lifecycle governance.
• - Conduct and operationalize security risk assessments and Data Protection Impact Assessments (DPIAs), integrating findings into Docker’s risk register and remediation tracking.
• - Define, implement, and validate data protection and data lifecycle controls, including data minimization, retention, deletion, and access controls.
• - Build and maintain dashboards and security/privacy metrics to provide real-time visibility into risk, compliance posture, and program effectiveness.
• - Support internal and external audits by providing high-quality, automated evidence and serving as a subject matter expert for security and privacy controls.
• - Draft, maintain, and map security and privacy policies, standards, and procedures to relevant regulatory and industry frameworks.
• - Conduct privacy reviews of existing and new products, features, and significant changes to ensure compliance requirements are met prior to release.
• - Build awareness and enablement across Docker by educating teams on security, privacy, and compliance expectations and best practices.
• - Stay current with evolving regulatory, privacy, and security standards and proactively assess their impact on Docker’s products and operations.

Required Skills

• - 6–8 years of experience in information technology, security engineering, governance, risk and compliance, privacy engineering, or closely related roles.
• - Proven experience designing and implementing GRC programs with a strong emphasis on automation, engineering, and scalable processes.
• - Hands-on experience implementing or operating privacy programs aligned with GDPR and ISO/IEC 27701, including privacy-by-design and privacy-by-default principles.
• - Strong understanding of privacy engineering concepts such as data minimization, purpose limitation, data lifecycle management, and technical data protection controls.
• - Proficiency in one or more programming or scripting languages such as Python or Golang, with experience building automation for compliance and privacy workflows.
• - Experience working with APIs, webhooks, and integrating GRC, privacy, and security tooling.
• - Hands-on experience with public cloud environments (AWS, Azure, or GCP), including applying privacy and data protection controls across backup systems, data lakes, and distributed cloud storage services.
• - Experience integrating security and compliance requirements into SDLC and CI/CD pipelines using DevSecOps practices.
• - Solid understanding of security frameworks and regulatory standards such as ISO 27xxx, SOC 2, GDPR, and NIST, and how they apply to SaaS environments.
• - Knowledge of information security risk management and common security technologies (e.g., SIEM, vulnerability management, data loss prevention, endpoint protection).
• - Experience conducting security risk assessments, data protection impact assessments (DPIAs), and translating findings into actionable remediation plans.
• - Strong project management skills with the ability to lead cross-functional initiatives involving engineering, product, legal, and compliance stakeholders.
• - Ability to communicate complex technical, privacy, and compliance concepts clearly to both technical and non-technical audiences.
• - Demonstrated ability to serve as a subject matter expert and trusted advisor on security, privacy, and compliance risks.
• - Ability to thrive in a fast-paced, evolving environment and adapt to changing regulatory and business requirements.

Benefits

• - Freedom & flexibility; fit your work around your life
• - Designated quarterly Whaleness Days plus end of year Whaleness break
• - Home office setup; we want you comfortable while you work
• - 16 weeks of paid Parental leave
• - Technology stipend equivalent to $100 net/month
• - PTO plan that encourages you to take time to do the things you enjoy
• - Training stipend for conferences, courses and classes
• - Equity; we are a growing start-up and want all employees to have a share in the success of the company
• - Docker Swag
• - Medical benefits, retirement and holidays vary by country
• - Remote-first culture, with offices in Seattle and Paris