Position: Senior Security Engineer, Privacy (Eastern Time Zone Preferred)
At Docker, we make app development easier so developers can focus on what matters. Our remote-first team spans the globe, united by a passion for innovation and great developer experiences. With over 20 million monthly users and 20 billion image pulls, Docker is the #1 tool for building, sharing, and running apps—trusted by startups and Fortune 100s alike. We’re growing fast and just getting started.
Come join us for a whale of a ride!
As a Senior Security Engineer, Privacy , you will serve as a trusted advisor at the intersection of security, privacy, and engineering, ensuring governance, risk, compliance, and data protection are foundational to every product and platform. You will collaborate closely with security engineering, engineering, product, legal, and leadership teams to embed security and privacy‑by‑design into Docker’s technology stack while scaling compliance with frameworks such as ISO/IEC 27001, ISO/IEC 27701, SOC 2, and global privacy regulations.
In this role, you will combine deep GRC expertise with hands‑on privacy engineering and automation, developing scalable solutions that streamline compliance processes, improve risk visibility, and operationalize privacy controls. You will design and maintain automated workflows for risk management, compliance monitoring, data protection assessments, and audit readiness, while influencing product strategy and technical design decisions.
This is a highly impactful role for an engineer who thrives at the intersection of policy, code, and architecture, and who is passionate about building secure, privacy‑respecting systems that protect both the platform and the customers who trust it.
Responsibilities:
Embed privacy‑by‑design principles into Docker products, services, and internal platforms, aligned with ISO/IEC 27001, ISO/IEC 27701, SOC 2, and global privacy regulations.
Partner closely with Docker engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines.
Design, develop, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness.
Implement and customize GRC and privacy tooling using APIs, scripting, and automation to streamline evidence collection, control validation, and compliance operations.
Lead and automate data discovery, classification, and data mapping across Docker systems to maintain accurate Records of Processing Activities (RoPA) and support data lifecycle governance.
Conduct and operationalize security risk assessments and Data Protection Impact Assessments (DPIAs), integrating findings into Docker’s risk register and remediation tracking.
Define, implement, and validate data protection and data lifecycle controls, including data minimization, retention, deletion, and access controls.
Build and maintain dashboards and security/privacy metrics to provide real‑time visibility into risk, compliance posture, and program effectiveness.
Support internal and external audits by providing high‑quality, automated evidence and serving as a subject matter expert for security and privacy controls.
Draft, maintain, and map security and privacy policies, standards, and procedures to relevant regulatory and industry frameworks.
Conduct privacy reviews of existing and new products, features, and significant changes to ensure compliance requirements are met prior to release.
Build awareness and enablement across Docker by educating teams on security, privacy, and compliance expectations and best practices.
Stay current with evolving regulatory, privacy, and security standards and proactively assess their impact on Docker’s products and operations.
Qualifications:
6–8 years of experience in information technology, security engineering, governance, risk and compliance, privacy engineering, or closely related roles.
Proven experience designing and implementing GRC programs with a strong emphasis on automation, engineering, and scalable processes.
Hands‑on experience implementing or operating privacy programs aligned with GDPR and ISO/IEC 27701, including privacy‑by‑design and…
