
Senior Privacy Engineer


Published: Sat, 21 Jun 2025 18:50:47 GMT

Location:

Remote, with preference for Pacific or Mountain time zones.

Senior Privacy Engineer – Job Description

Position Overview:

The Senior Privacy Engineer will play a crucial role in ensuring our products meet the highest standards of data protection. They will lead the design and implementation of technical privacy controls throughout the software development lifecycle (SDLC). This position requires a strong understanding of privacy engineering principles, collaboration with engineering and product teams, and the ability to translate regulatory requirements into practical solutions. The Senior Privacy Engineer will also proactively identify and remediate technical privacy risks, coach developers on best practices, and continuously improve our privacy processes to support company growth.

Key Responsibilities:

– Design and implement Lumin Digital’s Privacy by Design program, collaborating with the Privacy Engineering Manager.
– Embed privacy requirements into the product roadmap and design specifications by working with product managers, designers, and architects.
– Conduct privacy-focused code and architecture reviews to identify and remediate risky data-handling patterns.
– Integrate and maintain Privado’s Static Code Analysis tool in CI/CD pipelines to automatically flag misuse of personal data.
– Translate regulatory and framework requirements into technical controls and strategies for developers to implement consistently.
– Perform privacy threat modeling and technical risk assessments for new systems and features that process PII.
– Design and maintain privacy-aware system architectures, including privacy-preserving and secure data flows, storage, and processing models.
– Develop and enhance automation and privacy tooling to streamline data lifecycle management and improve our privacy posture.
– Coach developers on purpose-based data tagging to ensure data flows respect declared purposes.
– Collaborate with Legal, Compliance, and Security teams to align on privacy governance and contribute to internal policy and standards development.
– Monitor and report on privacy KPIs and metrics.
– Perform other duties as assigned.

Position Specifications:

Education:

– Bachelor’s or Master’s degree in Engineering, Security, or Privacy preferred.
– CIPP/US, CIPT, CIPM, or CDPSE certification preferred.

Experience:

– 8 years of software engineering or security engineering experience, with at least 3 years in a full-time privacy engineering role.
– 3 years of hands-on experience embedding privacy into the software development lifecycle.
– 5 years of experience with cloud-native and modern microservices architectures.
– Experience working within the banking or fintech industries preferred.
– 3 years of experience evaluating system designs and data flows and prescribing secure, privacy-first architectures.
– Hands-on experience conducting privacy threat modeling and translating privacy risks into actionable mitigations.
– 3 years of experience deploying and configuring data discovery solutions.
– Familiarity with advanced privacy-enhancing technologies.
– Knowledge of relevant privacy frameworks and regulations.
– Excellent interpersonal skills and ability to articulate complex privacy concepts to technical and non-technical audiences.

Knowledge, Skills, & Abilities:

– Ability to read and write code and conduct privacy-focused code reviews.
– Proficiency in writing automation scripts and integrating privacy gates into CI/CD pipelines.
– Understanding of static code analysis tools and integrating them into workflows.
– Deep technical understanding of privacy principles.
– Familiarity with advanced privacy-enhancing technologies.
– Familiarity with AWS IAM policies, Terraform, and Open Policy Agent.
– Knowledge of privacy threat modeling frameworks.
– Working knowledge of relevant privacy frameworks and regulations.
– Excellent interpersonal skills and ability to articulate complex privacy concepts.
– Self-starter mindset and comfortable working in regulated environments.

Travel:

Minimal, generally 12 days or fewer per year (about two team get-togethers a year).
