Staff Security Engineer, Data Protection

Summary

Join SandboxAQ, a high-growth, fully remote technology company, as a Data Protection Engineer. You will be responsible for ensuring the security and privacy of SandboxAQ and customer data, developing data classification and monitoring strategies, and working within AWS and GCP environments. This critical role involves assisting product teams, acting as a steward of CUI data, automating vulnerability detection and incident response, and collaborating with various teams. You will also document privacy architectures and data flows. The position requires U.S. citizenship and experience managing data confidentiality, integrity, and availability in cloud environments. Competitive salary, stock options, and generous benefits are offered.

Requirements

• U.S. citizenship is required due to USG contract requirements
• Experienced in managing confidentiality, integrity and availability of data within cloud environments, both manually and through automation
• Have an understanding of industry best practices and tooling, including their limitations
• Proficient in risk-based decision making as it applies to data classification
• Have worked with CUI data and are familiar with CMMC 2.0 / NIST 800-171 controls
• Able to develop sensible data retention policies
• Strong communication skills and ability to work across different groups to build consensus on scalable data design patterns

Responsibilities

• Work cross-functionally to ensure security and privacy of SandboxAQ and customer data
• Develop strategies and automation around data classification and monitoring
• Work within AWS and GCP environments making sure our systems are configured correctly and architected following best security practices
• Assist product teams in design of multi-tenant SaaS products
• Act as the steward of CUI data within our organization
• Automate vulnerability detection, data loss prevention (DLP), and privacy incident response across cloud platforms
• Collaborate with the development, DevOps, and InfoSec team to integrate privacy solutions into CI/CD pipelines
• Document privacy architectures, data flows, and technical implementations

Preferred Qualifications

• Have actively participated in standing up SOC2 compliance
• Practical experience with GDPR / CPPA / similar conformance
• Experience with GCP DLP and Amazon Macie
• Experience with Infra-as-code, such as Terraform or similar
• Reliability engineering mentality: ability to design scalable, maintainable, and testable infrastructure

Benefits

• Medical/dental/vision
• Family planning/fertility
• PTO (summer and winter breaks)
• Financial wellness resources
• 401(k) plans