Whatnot
Overview
Join the Future of Commerce with Whatnot. Whatnot is the largest livestream shopping platform in North America and Europe to buy, sell, and discover the things you love. Were redefining e-commerce by blending community, shopping, and entertainment into a community just for you. As a remote co-located team, were inspired by innovation and anchored in our values. With hubs in the US, UK, Ireland, Poland, and Germany, were building the future of online marketplacestogether. From fashion, beauty, and electronics to rare collectibles like trading cards, comic books, and even live plants, our live auctions have something for everyone. Were growing quickly and looking for bold, forward-thinking problem solvers across all functional areas. Role: The Data Security Engineer is responsible for developing and overseeing technology security systems to help protect those systems and associated ones from the effects of various kinds of cybercrime. Advance our customers' access to our applications and services by offering seamless access control mechanisms, advanced authentication methods, progressive profiling, and a consolidated identity. Responsibilities Developing plans for increased security across the systems. Putting various protections into place. Testing and re-testing systems for known vulnerabilities. Monitoring systems for security breaches. Investigating breaches and anomalies. Design and implement scalable data protection solutions (e.g., encryption, tokenization, DLP, data masking) for structured and unstructured data. Support and enforce data classification, labeling, and handling policies aligned with regulatory and business needs (e.g., PCI-DSS, GDPR, CCPA). Manage data loss prevention (DLP) systems and drive incident response for data exfiltration or unauthorized access events. Integrate data security controls into CI/CD pipelines and DevSecOps frameworks. Perform risk assessments and threat modeling for data-related systems and flows. Collaborate with Infrastructure, Cloud, and AppSec teams to secure data at rest, in transit, and in use across diverse environments. Monitor emerging data security threats and recommend technical and procedural controls to mitigate risk. Partner with Compliance and Legal teams to ensure audit readiness and support data privacy initiatives. Maintain detailed documentation of data security architecture, standards, and controls.
Qualifications
Bachelors degree in Computer Science, computer engineering, cybersecurity, a related field, or equivalent work experience. 7+ years of experience in cybersecurity, with at least 2 years focused specifically on data security. Hands-on experience with DLP platforms, encryption and key management, CASB, and data tokenization/masking tools. Strong understanding of data privacy regulations and standards (e.g., GDPR, CCPA, SOX, NIST). Familiarity with cloud platforms (AWS, GCP) and securing cloud-based data stores (e.g., S3, RDS, Snowflake). Ability to write and review secure infrastructure-as-code (e.g., Terraform, CloudFormation) and scripting (e.g., Python, Bash). Excellent communication skills with the ability to translate technical risks into business language. Self-motivated and creative problem-solver able to work independently with minimal guidance. Strong ability to work collaboratively across teams during high-stress situations. Ability to manage multiple competing priorities and use good judgment to establish an order of priorities on the fly.
Benefits
Flexible Time off Policy and Company-wide Holidays (including a spring and winter break) Health Insurance options including Medical, Dental, Vision Work From Home Support
Home office setup allowance Monthly allowance for cell phone and internet Care benefits Monthly allowance for wellness Annual allowance towards Childcare Lifetime benefit for family planning, such as adoption or fertility expenses Retirement; 401k offering for Traditional and Roth accounts in the US (employer match up to 4% of base salary) and Pension plans internationally Monthly allowance to dogfood the app All Whatnauts are expected to develop a deep understanding of our product. We are passionate about building the best user experience, and all employees are expected to use Whatnot as both a buyer and a seller as part of their job. Parental Leave 16 weeks of paid parental leave + one month gradual return to work
Equal Opportunity Employer
Whatnot is proud to be an Equal Opportunity Employer. We value diversity, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, parental status, disability status, or any other status protected by local law. We believe that our work is better and our company culture is improved when we encourage, support, and respect the different skills and experiences represented within our workforce. Compensation Range: $215K - $260K Job Details
Seniority level: Mid-Senior level Employment type: Full-time Job function: Information Technology Industries: Technology, Information and Internet
Referral notices and related job postings are provided for candidate awareness and recruitment purposes. #J-18808-Ljbffr
Join the Future of Commerce with Whatnot. Whatnot is the largest livestream shopping platform in North America and Europe to buy, sell, and discover the things you love. Were redefining e-commerce by blending community, shopping, and entertainment into a community just for you. As a remote co-located team, were inspired by innovation and anchored in our values. With hubs in the US, UK, Ireland, Poland, and Germany, were building the future of online marketplacestogether. From fashion, beauty, and electronics to rare collectibles like trading cards, comic books, and even live plants, our live auctions have something for everyone. Were growing quickly and looking for bold, forward-thinking problem solvers across all functional areas. Role: The Data Security Engineer is responsible for developing and overseeing technology security systems to help protect those systems and associated ones from the effects of various kinds of cybercrime. Advance our customers' access to our applications and services by offering seamless access control mechanisms, advanced authentication methods, progressive profiling, and a consolidated identity. Responsibilities Developing plans for increased security across the systems. Putting various protections into place. Testing and re-testing systems for known vulnerabilities. Monitoring systems for security breaches. Investigating breaches and anomalies. Design and implement scalable data protection solutions (e.g., encryption, tokenization, DLP, data masking) for structured and unstructured data. Support and enforce data classification, labeling, and handling policies aligned with regulatory and business needs (e.g., PCI-DSS, GDPR, CCPA). Manage data loss prevention (DLP) systems and drive incident response for data exfiltration or unauthorized access events. Integrate data security controls into CI/CD pipelines and DevSecOps frameworks. Perform risk assessments and threat modeling for data-related systems and flows. Collaborate with Infrastructure, Cloud, and AppSec teams to secure data at rest, in transit, and in use across diverse environments. Monitor emerging data security threats and recommend technical and procedural controls to mitigate risk. Partner with Compliance and Legal teams to ensure audit readiness and support data privacy initiatives. Maintain detailed documentation of data security architecture, standards, and controls.
Qualifications
Bachelors degree in Computer Science, computer engineering, cybersecurity, a related field, or equivalent work experience. 7+ years of experience in cybersecurity, with at least 2 years focused specifically on data security. Hands-on experience with DLP platforms, encryption and key management, CASB, and data tokenization/masking tools. Strong understanding of data privacy regulations and standards (e.g., GDPR, CCPA, SOX, NIST). Familiarity with cloud platforms (AWS, GCP) and securing cloud-based data stores (e.g., S3, RDS, Snowflake). Ability to write and review secure infrastructure-as-code (e.g., Terraform, CloudFormation) and scripting (e.g., Python, Bash). Excellent communication skills with the ability to translate technical risks into business language. Self-motivated and creative problem-solver able to work independently with minimal guidance. Strong ability to work collaboratively across teams during high-stress situations. Ability to manage multiple competing priorities and use good judgment to establish an order of priorities on the fly.
Benefits
Flexible Time off Policy and Company-wide Holidays (including a spring and winter break) Health Insurance options including Medical, Dental, Vision Work From Home Support
Home office setup allowance Monthly allowance for cell phone and internet Care benefits Monthly allowance for wellness Annual allowance towards Childcare Lifetime benefit for family planning, such as adoption or fertility expenses Retirement; 401k offering for Traditional and Roth accounts in the US (employer match up to 4% of base salary) and Pension plans internationally Monthly allowance to dogfood the app All Whatnauts are expected to develop a deep understanding of our product. We are passionate about building the best user experience, and all employees are expected to use Whatnot as both a buyer and a seller as part of their job. Parental Leave 16 weeks of paid parental leave + one month gradual return to work
Equal Opportunity Employer
Whatnot is proud to be an Equal Opportunity Employer. We value diversity, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, parental status, disability status, or any other status protected by local law. We believe that our work is better and our company culture is improved when we encourage, support, and respect the different skills and experiences represented within our workforce. Compensation Range: $215K - $260K Job Details
Seniority level: Mid-Senior level Employment type: Full-time Job function: Information Technology Industries: Technology, Information and Internet
Referral notices and related job postings are provided for candidate awareness and recruitment purposes. #J-18808-Ljbffr