Lead Security Engineer and Data Protection Officer

Summary

Join us as our Lead Security Engineer & Data Protection Officer (DPO) and play a key leadership role in a high-growth company. This dual role combines technical leadership in software and hardware security with accountability for data privacy and compliance. You will drive security architecture, incident response, and compliance with standards like SOC 2 and GDPR, while guiding the organization's data protection responsibilities. You will partner with engineering teams, lead threat modeling, build security tooling, and manage security incidents. You will also oversee compliance initiatives, risk assessments, and employee security training. As DPO, you will monitor GDPR compliance, advise on privacy matters, and handle data subject requests. This role requires strong cross-functional collaboration and communication skills.

Requirements

• 5+ years of experience in security engineering or information security roles
• Deep understanding of software and hardware security principles and attack surfaces
• Demonstrated experience with SOC 2 Type I/II and GDPR implementation
• Strong knowledge of data protection laws and the responsibilities of a DPO
• Clear, persuasive communicator comfortable working with technical and non-technical teams
• Strong understanding of AWS and Bluetooth security technologies

Responsibilities

• Own the security posture of the company across software, hardware, infrastructure, and third-party services
• Partner with engineering teams to review designs and ensure secure implementation practices
• Lead threat modeling and secure development lifecycle (SDLC) processes
• Build and maintain internal tooling and automation to support security operations
• Coordinate penetration testing and managing the response to the results
• Serve as the escalation point for security incidents and coordinate response efforts
• Maintain and improve logging, monitoring, and alerting systems
• Conduct root cause analyses and lead post-mortem reviews for security events
• Lead SOC 2 Type II and GDPR compliance initiatives
• Manage third-party risk assessments and vendor security reviews
• Define, maintain, and socialize internal security and privacy policies
• Oversee employee security awareness training and audits
• Monitor compliance with GDPR and other data protection laws
• Advise internal teams on privacy impact assessments (DPIAs), data retention, and lawful bases for processing
• Serve as the primary point of contact for data subject requests (DSARs) and supervisory authorities
• Ensure privacy-by-design is embedded into engineering and product development
• Leading the process of responding to security questionnaire from vendors and companies who use us as a data processor
• Act as a security and privacy design partner across product, hardware, legal, and engineering
• Communicate security risks and mitigations to leadership and business teams
• Represent the company in external security audits and customer security evaluations

Preferred Qualifications

• Experience serving as a DPO or equivalent privacy leadership role
• Familiarity with embedded systems or connected hardware product security
• Experience with security automation and compliance tooling
• Privacy or security certifications (e.g., CIPP/E, CISSP, CEH, or equivalent)

Benefits

• Play a key leadership role at a high-growth, mission-driven company
• Shape the security and privacy culture across all levels of the organization
• Work with a collaborative, forward-thinking team on products that matter