Docker, Inc · 14 hours ago
Senior Security Engineer, Privacy
Docker, Inc. is a remote-first company that simplifies app development for developers worldwide. The Senior Security Engineer, Privacy will act as a trusted advisor, ensuring security and privacy are integrated into Docker's technology stack while managing compliance with various frameworks and regulations.
Developer Platform · Developer Tools · Information Technology · Software
Responsibilities
Embed privacy-by-design principles into Docker products, services, and internal platforms, aligned with ISO/IEC 27001, ISO/IEC 27701, SOC 2, and global privacy regulations
Partner closely with Docker engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines
Design, develop, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness
Implement and customize GRC and privacy tooling using APIs, scripting, and automation to streamline evidence collection, control validation, and compliance operations
Lead and automate data discovery, classification, and data mapping across Docker systems to maintain accurate Records of Processing Activities (RoPA) and support data lifecycle governance
Conduct and operationalize security risk assessments and Data Protection Impact Assessments (DPIAs), integrating findings into Docker’s risk register and remediation tracking
Define, implement, and validate data protection and data lifecycle controls, including data minimization, retention, deletion, and access controls
Build and maintain dashboards and security/privacy metrics to provide real-time visibility into risk, compliance posture, and program effectiveness
Support internal and external audits by providing high-quality, automated evidence and serving as a subject matter expert for security and privacy controls
Draft, maintain, and map security and privacy policies, standards, and procedures to relevant regulatory and industry frameworks
Conduct privacy reviews of existing and new products, features, and significant changes to ensure compliance requirements are met prior to release
Build awareness and enablement across Docker by educating teams on security, privacy, and compliance expectations and best practices
Stay current with evolving regulatory, privacy, and security standards and proactively assess their impact on Docker’s products and operations
Qualifications
Required
6–8 years of experience in information technology, security engineering, governance, risk and compliance, privacy engineering, or closely related roles
Proven experience designing and implementing GRC programs with a strong emphasis on automation, engineering, and scalable processes
Hands-on experience implementing or operating privacy programs aligned with GDPR and ISO/IEC 27701, including privacy-by-design and privacy-by-default principles
Strong understanding of privacy engineering concepts such as data minimization, purpose limitation, data lifecycle management, and technical data protection controls
Proficiency in one or more programming or scripting languages such as Python or Golang, with experience building automation for compliance and privacy workflows
Experience working with APIs, webhooks, and integrating GRC, privacy, and security tooling
Hands-on experience with public cloud environments (AWS, Azure, or GCP), including applying privacy and data protection controls across backup systems, data lakes, and distributed cloud storage services
Experience integrating security and compliance requirements into SDLC and CI/CD pipelines using DevSecOps practices
Solid understanding of security frameworks and regulatory standards such as ISO 27xxx, SOC 2, GDPR, and NIST, and how they apply to SaaS environments
Knowledge of information security risk management and common security technologies (e.g., SIEM, vulnerability management, data loss prevention, endpoint protection)
Experience conducting security risk assessments, data protection impact assessments (DPIAs), and translating findings into actionable remediation plans
Strong project management skills with the ability to lead cross-functional initiatives involving engineering, product, legal, and compliance stakeholders
Ability to communicate complex technical, privacy, and compliance concepts clearly to both technical and non-technical audiences
Demonstrated ability to serve as a subject matter expert and trusted advisor on security, privacy, and compliance risks
Ability to thrive in a fast-paced, evolving environment and adapt to changing regulatory and business requirements
Preferred
Nice to have: relevant industry certifications such as CISSP, CISA, CRISC, CIPP/E, CIPM, CIPT, or ISO/IEC 27701 Lead Implementer or Auditor
Benefits
Freedom & flexibility; fit your work around your life
Designated quarterly Whaleness Days plus end of year Whaleness break
Home office setup; we want you comfortable while you work
16 weeks of paid Parental leave
Technology stipend equivalent to $100 net/month
PTO plan that encourages you to take time to do the things you enjoy
Training stipend for conferences, courses and classes
Equity; we are a growing start-up and want all employees to have a share in the success of the company
Docker Swag
Medical benefits, retirement and holidays vary by country
Remote-first culture, with offices in Seattle and Paris
Company
Docker, Inc
At Docker, we simplify the lives of developers who are making world-changing apps.
Funding
Current Stage: Late Stage
Total Funding: $435.86M
Key Investors: Bain Capital Ventures, Tribe Capital, Insight Partners
2022-03-31 · Series C · $105M
2021-03-16 · Series B · $23M
2019-11-13 · Series A · $35M
Company data provided by Crunchbase