Privacy Engineer

About 1Password

At 1Password, we’re building the foundation for a safe, productive digital future. Our mission is to unleash employee productivity without compromising security by ensuring every identity is authentic, every application sign-in is secure, and every device is trusted. We innovated the market-leading enterprise password manager and pioneered Extended Access Management, a new cybersecurity category built for the way people and AI agents work today. As one of the most loved brands in cybersecurity, we take a human-centric approach in everything from product strategy to user experience. Over 180,000 businesses, from Fortune 100 leaders to the world’s most innovative AI companies, trust 1Password to help their teams securely adopt the SaaS and AI tools they need to do their best work.

If you're excited about the opportunity to contribute to the digital safety of millions, to work alongside a team of curious, driven individuals, and to solve hard problems in a fast-paced, dynamic environment, then we want to hear from you. Come join us and help shape a safer, simpler digital future.

We are excited to welcome a Privacy Engineer to join 1Password’s Privacy Engineering team within GRC, part of the broader Security organization. Our mission is to build products people trust—and privacy is a core part of that trust. In this role, you’ll use full stack engineering skills to deliver privacy-by-design controls and tooling that help 1Password build and operate privacy-preserving practices across our product and platform in a modern SaaS environment.

You’ll work day-to-day as a member of Privacy Engineering, partnering closely with Engineering, Product, Data, and Legal/Privacy. You’ll help shape how we collect, process, store, access, and delete data across core services, user experiences, telemetry, support tooling, third-party integrations, and emerging AI-assisted functionality—translating privacy requirements into durable, implemented engineering controls.

This is a remote opportunity within Canada and the US.

What You Can Expect

• A hands-on engineering role on the Privacy Engineering team within GRC & Security, focused on building real controls—not policy-only work
• Work on privacy engineering problems where product and platform decisions matter: user-facing flows, APIs, services, and supporting infrastructure that handles customer data
• Build practical privacy guardrails across the stack (data minimization, purpose limitation, access boundaries, consent-aware collection, and safe defaults)
• Improve retention/deletion workflows and logging/telemetry hygiene so privacy remains strong as systems evolve
• Help enable privacy-safe AI-assisted features by implementing technical guardrails that reduce data exposure and improve data handling discipline
• Collaborate across teams to make privacy the default through patterns, templates, guardrails

What You'll Do

Build privacy-by-design into product features and services

• Partner with Product and Legal/Privacy to translate requirements (e.g., DPIAs/PIAs, consent, data subject rights) into concrete Privacy Engineering deliverables and implementation plans
• Implement privacy-safe patterns for data flows, access boundaries, storage decisions, and user experiences, driving changes into production systems
• Contribute to technical designs and reviews so privacy is addressed early, with GRC & Security Privacy Engineering providing consistent guidance and reusable patterns

Implement privacy controls across the stack

• Build and improve backend controls such as authorization checks, data scoping, encryption usage, and privacy-aware service interfaces in collaboration with Security engineering partners
• Build and improve frontend experiences that support privacy requirements (clear choices, consent signaling, privacy-respecting defaults, and user controls where applicable)
• Improve data handling in logs/telemetry by limiting sensitive fields, and ensuring collection remains consent-aware, supporting goals for visibility without over-collection

Improve lifecycle controls and operational hygiene

• Strengthen retention and deletion across production databases, logs, and relevant third-party systems with an engineering-first approach
• Improve observability practices while reducing exposure (e.g., safer diagnostics, redaction, structured logging patterns)
• Build and maintain tooling and automation (service templates, CI checks, linting/guardrails) that prevent regressions and make safe choices easy across engineering teams

Grow through hands-on execution and collaboration

• Contribute production-quality code, tests, and documentation for privacy-related features and controls as a core member of the privacy engineering function
• Participate in code reviews and design reviews, and work with teammates to iterate toward pragmatic solutions
• Learn and apply privacy and regulatory concepts in an engineering context, supported by close partnership with privacy-minded stakeholders

What We're Looking For

• 3–5 years of experience building and shipping software in a SaaS environment
• Full stack engineering experience delivering customer-facing functionality and supporting backend services (APIs, services, and data flows)
• Proficiency in one or more backend languages (e.g., Go, Rust, Java, TypeScript) and comfort working across the stack
• Experience with modern web application patterns (authentication/authorization concepts, API design, frontend state/data handling)
• Practical experience implementing privacy- and security-adjacent controls such as data minimization, access controls, encryption usage, retention/deletion, and privacy-safe telemetry/logging
• Ability to translate privacy requirements (GDPR / CCPA / CPRA concepts) into engineering tasks
• Strong collaboration skills and comfort partnering with GRC & Security, Product, Legal/Privacy, Data, and Engineering teams
• A track record of writing reliable, maintainable code with testing and operational awareness (debugging, monitoring, incident follow-up)

Bonus Points For

• Experience building or supporting data subject rights workflows (export, delete, correction) and related automation
• Familiarity with threat modeling, secure development practices, and privacy/security reviews
• Experience with third-party integrations and building safe data handling patterns for vendors and support tooling
• Exposure to compliance/security frameworks and audits (e.g., ISO 27001, ISO 27701, SOC 2) in ways that translate into real engineering controls
• Interest in privacy-safe AI-assisted features (data minimization, provenance, logging/telemetry hygiene, retention alignment)

Key skills/competency

• Privacy Engineering
• Full Stack Development
• SaaS Environment
• Data Minimization
• Access Controls
• Encryption Usage
• Retention/Deletion
• Telemetry/Logging
• GDPR/CCPA/CPRA
• Backend Development