GDPR, Privacy

About
Selkirk Sport
Pickleball is the fastest growing sport in the US and Selkirk Sport is the market leader in manufacturing all things Pickleball We are an agile company with a collaborative management style whose mission is to fuel Pickleball players' obsession by creating a premier product ecosystem through a variety of brands.

This not only applies to delivering the foremost in creative excellence through high-performance equipment manufactured in the USA, but also in how Selkirk Sport strives to improve the Pickleball community through grass-roots programs, professional athlete sponsorship, and supporting local non-profits & schools. We look for people who are focused, tech-savvy, fast-paced, problem solvers, and complete tasks while being a stickler for the details. We also want a fun personality that enjoys getting results.

We are seeking a proactive and technically skilled
GDPR, Privacy & Security Engineer
to join our team. This is a critical role responsible for designing, developing, and implementing technical solutions to ensure our software ecosystem is compliant with GDPR and other data privacy regulations, while also maintaining robust security postures across all our platforms.

You will be the technical authority on data privacy and security, working across our entire technology stack—from our public-facing consumer applications and Shopify e-commerce platform to our internal business tools built on Palantir. You will collaborate closely with our engineering, product, legal, and security teams to translate complex privacy and security requirements into concrete, robust, and scalable software features.

Key Responsibilities

• Develop Privacy-Enhancing Features: Design, build, and maintain tools and services to automate and manage data privacy obligations. This includes:

• Data Subject Access Request (DSAR) Automation: Implement systems to handle user requests for data access, rectification, portability, and erasure (the "Right to be Forgotten") across all our platforms.

• Consent Management: Build and integrate robust consent management solutions to track user consent for cookies, marketing communications, and data processing activities.
• Data Anonymization & Pseudonymization: Develop scripts and services to anonymize or pseudonymize data in development, testing, and analytics environments.

• Data Expiration and Retention: Develop tools and automations to track data expirations and ensure that we are not storing data longer than necessary.

• Implement and Maintain Security Measures: Design, implement, and monitor security controls to protect sensitive data and systems from unauthorized access, use, disclosure, disruption, modification, or destruction. This includes:

• Security Architecture Review: Participate in the design and review of system architectures to ensure security best practices are integrated from the outset ("Security by Design").

• Vulnerability Management: Implement and manage tools for identifying, assessing, and remediating security vulnerabilities in applications and infrastructure.
• Incident Response Support: Assist in the development and execution of incident response plans for security breaches and data privacy incidents.

• Security Awareness: Promote and educate engineering teams on secure coding practices and security best practices.

• Shopify Platform Integration:

• Audit our Shopify store's data collection and security practices, including apps, scripts, and custom themes.

• Utilize Shopify APIs to manage customer data, fulfill DSARs, and ensure third-party app integrations are GDPR compliant and secure.

• Manage our cookie consent banners and privacy settings within the Shopify environment.

• Palantir Platform Integration:

• Audit our Palantir data restrictions, retention, and security practices.

• Learn and become the team expert on Palantir's data privacy and security tools and systems in order to help other devs build with "Privacy by Design and by Default" and "Security by Design" principles.

• Technical Guidance:

• Act as the go-to expert for developers on privacy and security-related questions.

• Help maintain our Record of Processing Activities (RoPA) by documenting data flows, storage locations, and processing purposes for our applications.

• System Auditing & Compliance:

• Regularly audit our applications, databases, and internal tools to identify and remediate potential privacy and security risks or compliance gaps.

• Collaborate with the legal and security teams to conduct Data Protection Impact Assessments (DPIAs) and Security Impact Assessments (SIAs) for new projects and features.
• Develop monitoring and alerting systems to detect potential data privacy incidents and security breaches.

Required Qualifications & Skills

• Experience: 3+ years of professional software development experience.
• Privacy & Security Engineering Experience: Prior experience in a Privacy Engineering, Security Engineering, or similar role.
• Programming Proficiency: Strong proficiency in one or more of our core languages, such as python or typescript.
• Database Knowledge: Solid experience with data and databases.
• API Expertise: Proven experience working with RESTful APIs and/or GraphQL for system integration.
• Strong GDPR Understanding: Deep technical understanding of GDPR principles and their practical application in software development (e.g., Lawful Basis for Processing, Data Minimization, Purpose Limitation).
• Security Best Practices: Strong knowledge of data security principles like encryption, access control, secure coding practices, and common web application vulnerabilities.
• Problem-Solving: Excellent analytical and problem-solving skills, with the ability to translate legal and regulatory requirements into technical solutions.

Preferred Qualifications (Nice to Have)

• Shopify Experience: Direct experience with the Shopify platform, its APIs (Admin, Storefront), and the Liquid templating language.
• Palantir Experience: Direct experience with the Palantir platform, its APIs and data controls.
• Cloud Infrastructure: Familiarity with cloud platforms (e.g., AWS, GCP, Azure) and their data storage and security services.
• Other Privacy Regulations: Familiarity with other privacy laws such as CCPA/CPRA, LGPD, etc.

Security Certifications:
Relevant security certifications (e.g., CISSP, CISM, CompTIA Security+).

What We Offer:

• Opportunity to work with a fast-growing, industry-leading international brand, in a dynamic, innovative, and supportive work environment
• Hybrid work model, office located at Ülemiste, Tallinn
• Well-being: Weekly Team Lunches, monthly sports allowance/private health insurance, and mental health support and 6 paid wellness/ health days
• Work-life balance: You will receive paid time off for your birthday and you are granted one Friday off per quarter (four per year) to rest, reset and recharge.
• Professional development and learning opportunities