Senior Privacy Engineer

  • Remote - United States

Cybersecurity

Senior

Job description

Basic Function

This role exists to embed privacy into each phase of our software development lifecycle (SDLC), ensuring that our products uphold the highest data protection standards. The Senior Privacy Engineer will lead the design and implementation of technical privacy controls so that our platform is architected and coded with privacy at its core. Success in this position requires deep expertise in privacy engineering principles, strong collaboration with engineering and product teams, and the ability to translate regulatory requirements into practical, scalable solutions. This position will be expected to proactively identify and remediate technical privacy risks, coach developers on best practices, and continuously improve our privacy tooling and processes to support the company’s growth.

Essential Functions and Responsibilities:

Assist the Privacy Engineering Manager in designing and implementing Lumin Digital’s Privacy by Design program. This program aims to shift privacy left into the product development function to reduce risks to individuals before code is ever shipped.

Embed privacy requirements into the product roadmap and design specifications by collaborating with product managers, designers, and architects to ensure that features are built with privacy by design goals before development begins.

Conduct privacy-focused code and architecture reviews to identify and remediate risky data-handling patterns, ensuring that personal information is processed only as intended.

Own the integration and tuning of Privado’s Static Code Analysis tool in CI/CD pipelines to automatically flag misuse of personal data, and partner with Engineering to resolve flagged issues and reduce privacy debt.

Translate regulatory and framework requirements (e.g., GLBA, CCPA/CPRA, NIST Privacy Framework, etc.) into technical controls and strategies - such as data minimization, access restrictions, and retention enforcement - that developers can implement consistently.

Perform privacy threat modeling and technical risk assessments (e.g., LINDDUN, STRIDE, etc.) for new systems and features that process PII, then drive the implementation of mitigation strategies to prevent data misuse or unauthorized access.

Design and maintain privacy‐aware system architectures, including privacy-preserving and secure data flows, storage, and processing models (e.g., data isolation, encryption in transit and at rest) so that services default to privacy‐first configurations in our cloud‐native microservices environment.

Develop and enhance automation and privacy tooling, including custom scripts, SDKs, or integrations with consent management platforms, to help the Privacy Engineering team streamline data lifecycle management, fulfill access and deletion requests, support process automation, and continuously improve our privacy posture.

Coach developers on purpose‐based data tagging so that PII data elements are labeled with their intended use, enabling foundational rules for data lifecycle management and ensuring data flows respect declared purposes.

Collaborate with Legal, Compliance, and Security teams to align on privacy governance, contribute to internal policy & standards development, and ensure technical implementations support evolving regulatory requirements.

Monitor and report on privacy KPIs and metrics.

Perform other duties as assigned.

Position Specifications

Education:

Bachelor’s or Master’s degree in Engineering, Security, or Privacy preferred

CIPP/US, CIPT, CIPM, or CDPSE certification preferred

Experience:

Eight (8) years of software engineering or security engineering experience, with at least three (3) years in a full-time privacy engineering role required.

Three (3) years of hands-on experience embedding privacy into the software development lifecycle, ideally having led multiple projects where privacy requirements were translated into tangible technical controls.

Five (5) years of experience with cloud-native microservices architectures (e.g., AWS, Databricks, etc.), containerization / Kubernetes, and modern microservices architectures.

Experience working within the banking or fintech industries is preferred.

Three (3) years of experience evaluating system designs and data flows, identifying privacy gaps, and prescribing secure, privacy-first architectures (encryption, isolation, data partitioning, etc.).

Hands-on experience conducting privacy threat modeling via LINDDUN and/or STRIDE and translating outstanding privacy risks into actionable mitigations.

Three (3) years of experience turning privacy risk assessments into concrete mitigation steps, where you’ve collaborated closely with product, privacy, security, and legal stakeholders to ensure privacy-preserving architectures.

Two (2) years of demonstrated experience successfully deploying and configuring data discovery solutions like static analysis / privacy-scanner tools (e.g., Privado, Semgrep) and enterprise data mapping solutions (e.g., Secuvy, BigID, Security.ai, etc.).

Knowledge, Skills, & Abilities:

Ability to read and write code, conducting privacy-focused code reviews and creating light automation scripts to enforce and streamline privacy controls. Strong hands-on skills in one or more languages such as Python, Java, Go, or JavaScript, with proven ability to design and review scalable code.

Proficiency in writing automation scripts (Bash, Python) to build custom privacy checks or integrate privacy gates into Jenkins / GitLab CI pipelines.

Understanding of static code analysis tools (e.g., Privado, Semgrep, etc.) and familiarity with integrating them into CI/CD workflows.

Deep technical understanding of privacy principles: data minimization, data retention strategies, purpose limitation, access controls, secure deletion, and privacy-by-design and default strategies.

Familiar with advanced privacy-enhancing technologies, such as differential privacy, anonymization, federated learning, and tokenization.

Familiarity with AWS IAM policies, Terraform (or CloudFormation) for provisioning privacy-safe environments, and Open Policy Agent (OPA) for policy enforcement.

Knowledge of the LINDDUN or STRIDE-based privacy threat modeling frameworks.

Working knowledge of relevant privacy frameworks and regulations (e.g., NIST Privacy Framework, GLBA, GDPR, CCPA / CPRA), and the ability to translate legal and business requirements into technical controls.

Excellent interpersonal skills to partner effectively with engineering, product, legal, and compliance teams, and to articulate complex privacy concepts to both technical and non-technical audiences.

Self-starter mindset with the ability to identify emerging privacy risks, drive continuous improvement in privacy tooling, and coach developers on implementing privacy best practices.

Comfortable working in regulated or B2B2C environments (finance, healthcare, edtech).

Travel:

Minimal, generally 12 days or less per year, ~2X team get-togethers a year

$175,000 - $200,000 a year

LIFE AT LUMIN DIGITAL

Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. Lumin is 100% cloud-native, purpose-built to unlock the full advantages of the cloud for financial institutions and their users.

At Lumin, we thrive on curiosity and innovation. Our culture fosters trust - in our expertise and decisions, respect - for diverse perspectives and talents, and boldness - in pursuing innovative paths. These values guide us, shaping a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered. Focused on continuous improvement and innovation, we encourage our team to explore, experiment, and put new ideas into action, challenging the usual way of doing things.

All qualified applicants, including those with arrest or conviction records, will be considered for employment. Any conditional offer will include a notice regarding the review of the candidate’s criminal history as part of the hiring process.

For more information, visit lumindigital.com.
