- Senior (5 to 8 years)
Candidates should have 5+ years of experience in security engineering or information security roles, a deep understanding of software and hardware security principles and attack surfaces, demonstrated experience with SOC 2 Type I/II and GDPR implementation, strong knowledge of data protection laws and the responsibilities of a DPO, and clear communication skills. Strong understanding of AWS and Bluetooth security technologies is required, and privacy or security certifications such as CIPP/E, CISSP, or CEH are preferred.
The Lead Security Engineer & DPO will:
- Own the security posture of the company across software, hardware, infrastructure, and third-party services
- Partner with engineering teams to review designs and ensure secure implementation practices
- Lead threat modeling and secure development lifecycle (SDLC) processes
- Build and maintain internal tooling and automation
- Coordinate penetration testing and manage the response to the results
- Serve as the escalation point for security incidents and coordinate response efforts
- Maintain and improve logging, monitoring, and alerting systems
- Conduct root cause analyses and lead post-mortem reviews for security events
- Lead SOC 2 Type II and GDPR compliance initiatives
- Manage third-party risk assessments and vendor security reviews
- Define, maintain, and socialize internal security and privacy policies
- Oversee employee security awareness training and audits
- Monitor compliance with GDPR and other data protection laws
- Advise internal teams on privacy impact assessments (DPIAs), data retention, and lawful bases for processing
- Serve as the primary point of contact for data subject requests (DSARs) and supervisory authorities
- Ensure privacy-by-design is embedded into engineering and product development
- Lead the process of responding to security questionnaires from vendors and companies who use us as a data processor
- Act as a security and privacy design partner across product, hardware, legal, and engineering
- Communicate security risks and mitigations to leadership and business teams
Digitizes physical assets for legacy enterprises
BrightAI transforms traditional industries by digitizing physical assets and processes using technologies like the Internet of Things (IoT), Edge AI, cloud computing, and mobile technologies. The company primarily serves legacy enterprises, helping them modernize their operations to become more competitive in the global market. By quickly integrating its solutions, BrightAI drives immediate improvements in cash flow, creating a cycle of growth and profitability for its clients. The goal is to make digital transformation accessible and affordable for a wide range of businesses.