Data Security & Privacy Contractor

Job Description: Data Security & Privacy Contractor

Role Type: Contract (6 months, extension possible)

Location: San Jose(From Day 1 Onsite)

Role Overview:

We are seeking a hands-on Data Security & Privacy Contractor to embed privacy and security into our development lifecycle. This role will act as the administrator of our data security/privacy platform, connecting it into engineering environments, driving data classification, data flow and lineage and partnering with teams to secure data flows. The focus is on enabling a shift-left model where data governance and protection become part of how products are designed, built, and released.

Key Responsibilities:

Platform Administration & Engineering Integration

• Administer and configure the data security/privacy platform.
• Integrate the platform into source code repositories, CI/CD pipelines, and engineering systems.
• Analyze scan results, triage anomalies/false positives, and collaborate with developers on remediation.
• Ensure outputs are actionable and embedded into day-to-day dev workflows.

Data Flow Understanding & Classification

• Partner with engineering to map data flows (customer, employee, PII, sensitive data).
• Build and maintain data classification models within the platform.
• Validate classifications with engineering teams and incorporate into design reviews.
• Package outputs into product-level deliverables for data security posture.

Shift-Left Data Security

• Champion a "privacy by design / security by design" approach in product development.
• Integrate data security checks early in the SDLC and CI/CD pipelines.
• Define guardrails for handling PII and sensitive data with engineering leadership.
• Identify and fix risky data practices before release.

Data Lifecycle Management

• Develop and enforce policies for data retention, archival, and secure deletion.
• Minimize storage of sensitive data in non-production systems, logs, and backups.
• Work with engineering and DevOps to ensure encryption and access control at every stage of the lifecycle.
• Establish processes for monitoring data movement across environments (dev, test, prod, cloud).

Broader Data Security Enablement

• Collaborate with AppSec/Product Security on secure coding practices related to data handling.
• Work with Cloud/Infra Security teams on encryption, key management, and access controls.
• Provide reporting on classification coverage, remediation progress, and risk trends.
• Support compliance efforts (ISO, SOC 2, NIST PMF) by ensuring accurate data governance evidence.

Qualifications

• 5+ years in data security, privacy engineering, or product security roles.
• Hands-on experience with data classification/privacy platforms integrated into engineering workflows.
• Strong technical background with source code repositories, CI/CD pipelines, and scanning tools.
• Deep knowledge of data security practices: classification, encryption, access control, minimization, retention, deletion.
• Experience embedding privacy/security into SDLC ("shift-left").
• Familiarity with compliance frameworks (ISO 27001, SOC 2, NIST Privacy Framework) as context, not focus.
• Excellent communication skills to align engineering and compliance stakeholders.

What We're Looking For

A practical data security practitioner;someone who can own the data security/privacy platform end-to-end, work with engineering to understand data flows, and drive real improvements in how data is collected, classified, protected, and retired. The right person will bridge engineering and compliance, enabling us to operationalize data security at scale.