Note: The job is a remote job and is open to candidates in USA. Docker, Inc is a company that simplifies app development for developers worldwide. They are seeking a Senior Security Engineer, Privacy to ensure security and privacy are integrated into their products while managing compliance with various frameworks and regulations.
Responsibilities
• Embed privacy-by-design principles into Docker products, services, and internal platforms, aligned with ISO/IEC 27001, ISO/IEC 27701, SOC 2, and global privacy regulations
• Partner closely with Docker engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines
• Design, develop, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness
• Implement and customize GRC and privacy tooling using APIs, scripting, and automation to streamline evidence collection, control validation, and compliance operations
• Lead and automate data discovery, classification, and data mapping across Docker systems to maintain accurate Records of Processing Activities (RoPA) and support data lifecycle governance
• Conduct and operationalize security risk assessments and Data Protection Impact Assessments (DPIAs), integrating findings into Docker’s risk register and remediation tracking
• Define, implement, and validate data protection and data lifecycle controls, including data minimization, retention, deletion, and access controls
• Build and maintain dashboards and security/privacy metrics to provide real-time visibility into risk, compliance posture, and program effectiveness
• Support internal and external audits by providing high-quality, automated evidence and serving as a subject matter expert for security and privacy controls
• Draft, maintain, and map security and privacy policies, standards, and procedures to relevant regulatory and industry frameworks
• Conduct privacy reviews of existing and new products, features, and significant changes to ensure compliance requirements are met prior to release
• Build awareness and enablement across Docker by educating teams on security, privacy, and compliance expectations and best practices
• Stay current with evolving regulatory, privacy, and security standards and proactively assess their impact on Docker’s products and operations
Skills
• 6–8 years of experience in information technology, security engineering, governance, risk and compliance, privacy engineering, or closely related roles
• Proven experience designing and implementing GRC programs with a strong emphasis on automation, engineering, and scalable processes
• Hands-on experience implementing or operating privacy programs aligned with GDPR and ISO/IEC 27701, including privacy-by-design and privacy-by-default principles
• Strong understanding of privacy engineering concepts such as data minimization, purpose limitation, data lifecycle management, and technical data protection controls
• Proficiency in one or more programming or scripting languages such as Python or Golang, with experience building automation for compliance and privacy workflows
• Experience working with APIs, webhooks, and integrating GRC, privacy, and security tooling
• Hands-on experience with public cloud environments (AWS, Azure, or GCP), including applying privacy and data protection controls across backup systems, data lakes, and distributed cloud storage services
• Experience integrating security and compliance requirements into SDLC and CI/CD pipelines using DevSecOps practices
• Solid understanding of security frameworks and regulatory standards such as ISO 27xxx, SOC 2, GDPR, and NIST, and how they apply to SaaS environments
• Knowledge of information security risk management and common security technologies (e.g., SIEM, vulnerability management, data loss prevention, endpoint protection)
• Experience conducting security risk assessments, data protection impact assessments (DPIAs), and translating findings into actionable remediation plans
• Strong project management skills with the ability to lead cross-functional initiatives involving engineering, product, legal, and compliance stakeholders
• Ability to communicate complex technical, privacy, and compliance concepts clearly to both technical and non-technical audiences
• Demonstrated ability to serve as a subject matter expert and trusted advisor on security, privacy, and compliance risks
• Ability to thrive in a fast-paced, evolving environment and adapt to changing regulatory and business requirements
• Nice to have: relevant industry certifications such as CISSP, CISA, CRISC, CIPP/E, CIPM, CIPT, or ISO/IEC 27701 Lead Implementer or Auditor
Benefits
• Freedom & flexibility; fit your work around your life
• Designated quarterly Whaleness Days plus end of year Whaleness break
• Home office setup; we want you comfortable while you work
• 16 weeks of paid Parental leave
• Technology stipend equivalent to $100 net/month
• PTO plan that encourages you to take time to do the things you enjoy
• Training stipend for conferences, courses and classes
• Equity; we are a growing start-up and want all employees to have a share in the success of the company
• Docker Swag
• Medical benefits, retirement and holidays vary by country
• Remote-first culture, with offices in Seattle and Paris
Company Overview
• At Docker, we simplify the lives of developers who are making world-changing apps. It was founded in 2011, and is headquartered in Palo Alto, California, USA, with a workforce of 501-1000 employees. Its website is https://www.docker.com.