Staff Security Engineer

Summary

Join SandboxAQ, a high-growth, fully remote technology company, as a Data Protection Engineer. You will be responsible for ensuring the security and privacy of SandboxAQ and customer data, developing data protection strategies, and working across various teams. This role requires experience in managing data confidentiality, integrity, and availability in cloud environments, understanding of industry best practices, and proficiency in risk-based decision-making. The position demands strong communication skills and the ability to collaborate effectively. U.S. citizenship is required. SandboxAQ offers competitive salaries, stock options, generous learning opportunities, comprehensive benefits, and a commitment to employee growth.

Requirements

• U.S. citizenship is required due to USG contract requirements
• Experienced in managing confidentiality, integrity and availability of data within cloud environments, both manually and through automation
• Have an understanding of industry best practices and tooling, including their limitations
• Proficient in risk-based decision making as it applies to data classification
• Have worked with CUI data and are familiar with CMMC 2.0 / NIST 800-171 controls
• Able to develop sensible data retention policies
• Strong communication skills and ability to work across different groups to build consensus on scalable data design patterns

Responsibilities

• Work cross-functionally to ensure security and privacy of SandboxAQ and customer data
• Develop strategies and automation around data classification and monitoring
• Work within AWS and GCP environments making sure our systems are configured correctly and architected following best security practices
• Assist product teams in design of multi-tenant SaaS products
• Act as the steward of CUI data within our organization
• Automate vulnerability detection, data loss prevention (DLP), and privacy incident response across cloud platforms
• Collaborate with the development, DevOps, and InfoSec team to integrate privacy solutions into CI/CD pipelines
• Document privacy architectures, data flows, and technical implementations

Preferred Qualifications

• Have actively participated in standing up SOC2 compliance
• Practical experience with GDPR / CPPA / similar conformance
• Experience with GCP DLP and Amazon Macie
• Experience with Infra-as-code, such as Terraform or similar
• Reliability engineering mentality: ability to design scalable, maintainable, and testable infrastructure

Benefits

• The US base salary range for this full-time position is expected to be $154k - $216k per year
• This role may be eligible for annual discretionary bonuses and equity
• Competitive salaries
• Stock options depending on employment type
• Generous learning opportunities
• Medical/dental/vision
• Family planning/fertility
• PTO (summer and winter breaks)
• Financial wellness resources
• 401(k) plans