Data Security Engineer - job 1 of 2

🚀 Join the Future of Commerce with Whatnot!

Whatnot is the largest livestream shopping platform in North America and Europe to buy, sell, and discover the things you love. We’re re-defining e-commerce by blending community, shopping, and entertainment into a community just for you. As a remote co-located team, we’re inspired by innovation and anchored in our values. With hubs in the US, UK, Ireland, Poland, and Germany, we’re building the future of online marketplaces—together.

From fashion, beauty, and electronics to rare collectibles like trading cards, comic books, and even live plants, our live auctions have something for everyone.

And we’re just getting started! As one of the fastest growing marketplaces, we’re looking for bold, forward-thinking problem solvers across all functional areas. Check out the latest Whatnot updates on our news and engineering blogs and join us as we enable anyone to turn their passion into a business, and bring people together through commerce.

💻 Role 

The Data Security Engineer is responsible for developing and overseeing technology security systems to help protect those systems and associated ones from the effects of various kinds of cybercrime. Advance our customers' access to our applications and services by offering seamless access control mechanisms, advanced authentication methods, progressive profiling, and a consolidated identity.

• Developing plans for increased security across the systems.

• Putting various protections into place.

• Testing and re-testing systems for known vulnerabilities.

• Monitoring systems for security breaches.

• Investigating those breaches and any other anomalies.

• Design and implement scalable data protection solutions (e.g., encryption, tokenization, DLP, data masking) for structured and unstructured data.

• Support and enforce data classification, labeling, and handling policies aligned with regulatory and business needs (e.g., PCI-DSS, GDPR, CCPA).

• Manage data loss prevention (DLP) systems and drive incident response for data exfiltration or unauthorized access events.

• Integrate data security controls into CI/CD pipelines and DevSecOps frameworks.

• Perform risk assessments and threat modeling for data-related systems and flows.

• Collaborate with Infrastructure, Cloud, and AppSec teams to secure data at rest, in transit, and in use across diverse environments.

• Monitor emerging data security threats and recommend technical and procedural controls to mitigate risk.

• Partner with Compliance and Legal teams to ensure audit readiness and support data privacy initiatives.

• Maintain detailed documentation of data security architecture, standards, and controls.

Team members in this role are required to be within commuting distance of our San Francisco hub.

👋 You 

Curious about who thrives at Whatnot? We’ve found that low ego, a growth mindset, and leaning into action and high impact goes a long way here.

As our Data Security Engineer you should have a minimum of 7+ years of relevant experience in security preferably in a large enterprise environment, plus:

• Bachelor’s degree in Computer Science, computer engineering, cybersecurity, a related field, or equivalent work experience.

• 7+ years of experience in cybersecurity, with at least 2 years focused specifically on data security.

• Hands-on experience with one or more of the following: DLP platforms, encryption and key management, CASB, and data tokenization/masking tools.

• Strong understanding of data privacy regulations and standards (e.g., GDPR, CCPA, SOX, NIST).

• Familiarity with cloud platforms (AWS, GCP) and securing cloud-based data stores (e.g., S3, RDS, Snowflake).

• Ability to write and review secure infrastructure-as-code (e.g., Terraform, CloudFormation) and scripting (e.g., Python, Bash).

• Excellent communication skills with the ability to translate technical risks into business language.

• Self-motivated and creative problem-solver able to work independently with minimal guidance.

• Strong ability to work collaboratively across teams during high-stress situations.

• Ability to manage multiple competing priorities and use good judgment to establish an order of priorities on the fly.

🎁 Benefits

• Flexible Time off Policy and Company-wide Holidays (including a spring and winter break)

• Health Insurance options including Medical, Dental, Vision

• Work From Home Support

  • Home office setup allowance

  • Monthly allowance for cell phone and internet

• Care benefits

  • Monthly allowance for wellness

  • Annual allowance towards Childcare

  • Lifetime benefit for family planning, such as adoption or fertility expenses

• Retirement; 401k offering for Traditional and Roth accounts in the US (employer match up to 4% of base salary) and Pension plans internationally

• Monthly allowance to dogfood the app

  • All Whatnauts are expected to develop a deep understanding of our product. We're passionate about building the best user experience, and all employees are expected to use Whatnot as both a buyer and a seller as part of their job (our dogfooding budget makes this fun and easy!).

• Parental Leave

  • 16 weeks of paid parental leave + one month gradual return to work *company leave allowances run concurrently with country leave requirements which take precedence.

💛 EOE

Whatnot is proud to be an Equal Opportunity Employer. We value diversity, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, parental status, disability status, or any other status protected by local law. We believe that our work is better and our company culture is improved when we encourage, support, and respect the different skills and experiences represented within our workforce.