Principal Privacy Engineer

Overview

We are seeking a Privacy Engineer with deep expertise in Digital Identity to design and implement privacy-centric solutions across our digital platform - including facilitating data retention, anonymization, and conducting Privacy threshold and impact assessments, as well as providing technical product and engineering consultation. This role requires strong technical knowledge of identity protocols, privacy-enhancing technologies, and regulatory frameworks. You will help ensure that identity systems are aligned with global privacy laws and the NIST Digital Identity Guidelines (SP 800-63), emphasizing secure and privacy-respecting authentication, identity proofing, and federation.

This is an onsite position in one of our hub locations (Mountain View CA or McLean VA)

• Design and implement privacy-preserving identity solutions including federated identity, decentralized identifiers (DIDs), and verifiable credentials.
• Integrate privacy-by-design into authentication, authorization, and identity federation workflows (e.g., OAuth2, OpenID Connect, SAML).
• Assist with conducting privacy impact assessments (PIAs) specifically related to identity and access management systems.
• Evaluate and deploy privacy-enhancing technologies (PETs) such as zero-knowledge proofs (ZKPs), secure multi-party computation (SMPC), and anonymization, pseudonymization, and data minimization methods.
• Develop and enforce technical standards for identity data minimization, encryption, pseudonymization, and secure storage.
• Collaborate with IAM and security engineering teams to enhance identity governance with strong privacy controls.
• Review architecture and code for identity systems to ensure compliance with privacy regulations (GDPR, CCPA, eIDAS, etc.).
• Monitor and assess threats to identity-related data and respond to incidents involving identity data exposure.
• Assist in managing privacy risk assessments and reviews for identity systems, including digital onboarding, credential issuance, and account recovery flows.
• Collaborate with security, IAM, Dev Ops, and compliance teams to build identity solutions that enforce Privacy-by-Design principles.
• Review identity system architecture and source code to ensure privacy and data protection controls are correctly implemented.
• Contribute to tooling for secure and automated DSAR (data subject access request) identity verification and privacy dashboards.
• Participate in incident response planning and investigations for identity-related security or privacy events.
• Map and enforce privacy principles (ISO/IEC 29100) including consent, purpose limitation, data minimization, and transparency in digital identity systems.
• Develop identity data lifecycle controls covering collection, processing, retention, and deletion per ISO/IEC and GDPR guidelines.
• Develop and implement solutions to ensure privacy policies are correctly implemented. The implementations should advance compliance with legal forms of data use as well as support business use of data.

• Bachelor’s or Master’s degree in Computer Science, Information Security, Engineering, or related technical field.
• 4+ years of technical experience in privacy engineering, IAM, or cybersecurity with a focus on digital identity.
• 1-2 years - Deep familiarity with NIST SP 800-63, including IAL, AAL, and FAL requirements.
• 4+ years of experience with identity protocols (OAuth2, OpenID Connect, SAML, SCIM), authentication systems, and modern IAM platforms.
• 4+ years of strong programming/scripting skills (e.g., Python, Go, Java, Node.js).
• 4+ years resulting in proficiency in identity and data protection standards (e.g., FIDO2, TLS, JWT, PKI, encryption at rest and in transit).

• Experience with cloud-based identity (AWS IAM, Azure AD, Okta, Google Identity Platform).
• Familiarity with decentralized identity technologies (e.g., Hyperledger Aries/Indy, Sovrin, Entra Verified ).
• Certifications:
  
  CIPT, CIPP, CISSP, GIAC GLEG, or other privacy/security credentials.
• Understanding of privacy threat modeling techniques such as LINDDUN.

• Deep understanding of privacy risks, mitigations, and best practices in…