Docker, IncRemote
Senior Security Engineer, Privacy (Eastern Time Zone Preferred)
United States
Full-time
1 week ago
$88,000 - $110,000 USD
No H1B
Key skills
GRC programsprivacy engineeringautomationcompliance monitoringprogramming languagespublic cloud environmentssecurity frameworksrisk assessmentssubject matter expertindustry certificationsproject managementcommunication skillsadaptabilityPythonGolangAWSAzureGCPDockerCloud StorageSaaSSDLCCI/CDProject ManagementRisk Management
About this role
Docker, Inc is a company that simplifies app development for developers worldwide. They are seeking a Senior Security Engineer, Privacy to ensure security and privacy are integrated into their products while managing compliance with various frameworks and regulations.
Responsibilities:
- Embed privacy-by-design principles into Docker products, services, and internal platforms, aligned with ISO/IEC 27001, ISO/IEC 27701, SOC 2, and global privacy regulations
- Partner closely with Docker engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines
- Design, develop, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness
- Implement and customize GRC and privacy tooling using APIs, scripting, and automation to streamline evidence collection, control validation, and compliance operations
- Lead and automate data discovery, classification, and data mapping across Docker systems to maintain accurate Records of Processing Activities (RoPA) and support data lifecycle governance
- Conduct and operationalize security risk assessments and Data Protection Impact Assessments (DPIAs), integrating findings into Docker’s risk register and remediation tracking
- Define, implement, and validate data protection and data lifecycle controls, including data minimization, retention, deletion, and access controls
- Build and maintain dashboards and security/privacy metrics to provide real-time visibility into risk, compliance posture, and program effectiveness
- Support internal and external audits by providing high-quality, automated evidence and serving as a subject matter expert for security and privacy controls
- Draft, maintain, and map security and privacy policies, standards, and procedures to relevant regulatory and industry frameworks
- Conduct privacy reviews of existing and new products, features, and significant changes to ensure compliance requirements are met prior to release
- Build awareness and enablement across Docker by educating teams on security, privacy, and compliance expectations and best practices
- Stay current with evolving regulatory, privacy, and security standards and proactively assess their impact on Docker’s products and operations
Requirements:
- 6–8 years of experience in information technology, security engineering, governance, risk and compliance, privacy engineering, or closely related roles
- Proven experience designing and implementing GRC programs with a strong emphasis on automation, engineering, and scalable processes
- Hands-on experience implementing or operating privacy programs aligned with GDPR and ISO/IEC 27701, including privacy-by-design and privacy-by-default principles
- Strong understanding of privacy engineering concepts such as data minimization, purpose limitation, data lifecycle management, and technical data protection controls
- Proficiency in one or more programming or scripting languages such as Python or Golang, with experience building automation for compliance and privacy workflows
- Experience working with APIs, webhooks, and integrating GRC, privacy, and security tooling
- Hands-on experience with public cloud environments (AWS, Azure, or GCP), including applying privacy and data protection controls across backup systems, data lakes, and distributed cloud storage services
- Experience integrating security and compliance requirements into SDLC and CI/CD pipelines using DevSecOps practices
- Solid understanding of security frameworks and regulatory standards such as ISO 27xxx, SOC 2, GDPR, and NIST, and how they apply to SaaS environments
- Knowledge of information security risk management and common security technologies (e.g., SIEM, vulnerability management, data loss prevention, endpoint protection)
- Experience conducting security risk assessments, data protection impact assessments (DPIAs), and translating findings into actionable remediation plans
- Strong project management skills with the ability to lead cross-functional initiatives involving engineering, product, legal, and compliance stakeholders
- Ability to communicate complex technical, privacy, and compliance concepts clearly to both technical and non-technical audiences
- Demonstrated ability to serve as a subject matter expert and trusted advisor on security, privacy, and compliance risks
- Ability to thrive in a fast-paced, evolving environment and adapt to changing regulatory and business requirements
- Nice to have: relevant industry certifications such as CISSP, CISA, CRISC, CIPP/E, CIPM, CIPT, or ISO/IEC 27701 Lead Implementer or Auditor