AI Data Security & Privacy Engineer

We believe everyone deserves access to affordable and simple legal services. Founded in 2008, Rocket Lawyer is the largest and most widely used online legal service platform in the world. With offices in North America, South America, and Europe, Rocket Lawyer has helped over 30 million people create over 50 million legal documents, and get their legal questions answered.

We are in a unique position to enhance and expand the Rocket Lawyer platform to a scale never seen before in the company’s history, to capture audiences worldwide. We are expanding our team to take on this challenge!

Rocket Lawyer’s customer data is the company’s most important asset, and we need to continue maintaining the security and privacy of this data to ensure delighted customers and a successful business. As a seasoned data security and privacy engineer, you will play a critical role in designing, building, and scaling the systems, processes, and controls that protect the company and our users’ data and ensure trust in our products.

Working as part of the Security team, you will partner closely with Engineering, Legal, and cross‑functional stakeholders to embed privacy‑by‑design principles into our infrastructure and translate regulatory requirements into scalable technical solutions. You’ll bring to the role a passion for architect and operating a secure data storage system.

This is a hands‑on role for a senior individual contributor who thrives at the intersection of security, privacy, and data infrastructure. You will shape how we discover, classify, and protect information, lead privacy risk mitigation efforts, and help evolve our data security capabilities as the company grows and our AI product flourishes. The ideal candidate will be a seasoned data security and privacy expert with exposure to AI‑integrated systems to understand the complexities of data security as it relates to AI.

Design and implement data classification and handling frameworks to provide appropriate protection throughout the data lifecycle.

Build and maintain comprehensive data inventories and data flow maps, identifying where data resides and how it is processed across systems.

Collaborate with Engineering teams to apply appropriate controls at every point in the data pipeline.

Understand the need for encryption, implement it where possible, and implement all appropriate safeguards to ensure keys are both kept secure and available to prevent data exfiltration and loss.

Partner with Engineering, Legal, Product, IT, and other cross‑functional stakeholders to design and embed privacy and data protection principles across the entire organization, from product development to operations.

Partner with stakeholders to translate legal and regulatory obligations into actionable technical requirements, policies, and controls.

Develop privacy‑enhancing capabilities such as data minimisation, anonymisation, and access‑control frameworks that scale with our infrastructure.

Work with AI teams to ensure that architectural designs are reviewed and threat‑modelled to minimize data privacy risk.

Conduct technical risk assessments of internal and third‑party systems and applications to identify, evaluate, and mitigate privacy and data security risks, including vulnerabilities, misuse, and compliance gaps.

Contribute to Data Protection Impact Assessments (DPIAs) by assessing the technical and security implications of new processing activities.

Partner with Legal to transform evolving regulatory frameworks (e.g., SOC2, GDPR, CCPA, NIST, ISO) into secure, scalable engineering solutions that drive compliance and build user trust.

Support and coordinate the company’s technical response to data breaches or security incidents, including those impacting personal information (Incidents), enabling timely investigation, effective mitigation, and root‑cause analysis.

Design and implement processes and tooling to detect, investigate, and remediate data…