BrightAI

Lead Security Engineer & Data Protection Officer (DPO)

United States

Compensation: Not Specified
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Cybersecurity, Data Privacy, Cloud Security, Information Security

Position Overview

  • Location Type: Remote
  • Job Type: Full-time
  • Reports to: VP of Cloud and Mobile

We’re seeking a Lead Security Engineer who will also serve as the company’s Data Protection Officer (DPO). This dual role combines deep technical leadership in software and hardware security with accountability for data privacy, compliance, and protection practices. You’ll drive security architecture, incident response, and compliance with standards like SOC 2 and GDPR, while also guiding the organization’s responsibilities for data subject rights and privacy-by-design.

Key Responsibilities

Security Engineering & Architecture

  • Own the security posture of the company across software, hardware, infrastructure, and third-party services.
  • Partner with engineering teams to review designs and ensure secure implementation practices.
  • Lead threat modeling and secure development lifecycle (SDLC) processes.
  • Build and maintain internal tooling and automation to support security operations.
  • Coordinate penetration testing and manage the response to the results.

Security Operations & Incident Response

  • Serve as the escalation point for security incidents and coordinate response efforts.
  • Maintain and improve logging, monitoring, and alerting systems.
  • Conduct root cause analyses and lead post-mortem reviews for security events.

Compliance & Risk Management

  • Lead SOC 2 Type II and GDPR compliance initiatives.
  • Manage third-party risk assessments and vendor security reviews.
  • Define, maintain, and socialize internal security and privacy policies.
  • Oversee employee security awareness training and audits.

Data Protection Officer (DPO) Responsibilities

  • Monitor compliance with GDPR and other data protection laws.
  • Advise internal teams on privacy impact assessments (DPIAs), data retention, and lawful bases for processing.
  • Serve as the primary point of contact for data subject requests (DSARs) and supervisory authorities.
  • Ensure privacy-by-design is embedded into engineering and product development.
  • Lead the process of responding to security questionnaires from vendors and companies who use us as a data processor.

Cross-Functional Collaboration

  • Act as a security and privacy design partner across product, hardware, legal, and engineering.
  • Communicate security risks and mitigations to leadership and business teams.
  • Represent the company in external security audits and customer security evaluations.

Qualifications

Required:

  • 5+ years of experience in security engineering or information security roles.
  • Deep understanding of software and hardware security principles and attack surfaces.
  • Demonstrated experience with SOC 2 Type I/II and GDPR implementation.
  • Strong knowledge of data protection laws and the responsibilities of a DPO.
  • Clear, persuasive communicator comfortable working with technical and non-technical teams.
  • Strong understanding of AWS and Bluetooth security technologies.

Preferred:

  • Experience serving as a DPO or equivalent privacy leadership role.
  • Familiarity with embedded systems or connected hardware product security.
  • Experience with security automation and compliance tooling.
  • Privacy or security certifications (e.g., CIPP/E, CISSP, CEH, or equivalent).

Why Join Us?

  • Play a key leadership role at a high-growth, mission-driven company.
  • Shape the security and privacy culture across all levels of the organization.
  • Work with a collaborative, forward-thinking team on products that matter.

Skills

Security Architecture
Threat Modeling
Secure Development Lifecycle (SDLC)
Penetration Testing
Incident Response
SOC 2 Compliance
GDPR Compliance
Data Privacy
Risk Management
Security Policies
Security Operations
Monitoring and Alerting
Data Subject Rights
Privacy Impact Assessments (DPIAs)

BrightAI

Digitizes physical assets for legacy enterprises

About BrightAI

BrightAI transforms traditional industries by digitizing physical assets and processes using technologies like the Internet of Things (IoT), Edge AI, cloud computing, and mobile technologies. The company primarily serves legacy enterprises, helping them modernize their operations to become more competitive in the global market. By quickly integrating its solutions, BrightAI drives immediate improvements in cash flow, creating a cycle of growth and profitability for its clients. The goal is to make digital transformation accessible and affordable for a wide range of businesses.

Headquarters: San Francisco, California
Year Founded: 2019
Total Funding: $14.6M
Company Stage: SEED
Industries: Data & Analytics, Industrial & Manufacturing, AI & Machine Learning
Employees: 51-200

Benefits

Remote Work Options
Flexible Work Hours

Risks

Competition from tech giants like Google and Microsoft could overshadow BrightAI.
Rapid technological advancements may render BrightAI's solutions obsolete if innovation lags.
Economic downturns could reduce demand for BrightAI's digital transformation solutions.

Differentiation

BrightAI specializes in digitizing physical assets for legacy enterprises.
The company leverages IoT, Edge AI, and cloud technologies for digital transformation.
BrightAI's solutions create an EBITDA flywheel, driving growth and profitability.

Upsides

BrightAI raised $15M in seed funding to enhance its AI platform.
The rise of 5G technology benefits BrightAI's real-time asset monitoring solutions.
Growing focus on predictive maintenance boosts demand for BrightAI's AI-driven platform.
