Staff Engineer, Security Privacy

About the team

The Security Privacy team builds and operates the services that help HubSpot understand, protect, and manage personally identifiable information (PII) across the entire platform.

We own a suite of backend and frontend systems that automatically scan HubSpot’s codebase and infrastructure to catalog PII usage and ownership, classify datasets, enforce data protection standards, and orchestrate GDPR deletion workflows when customers exercise their rights. Our tools make it straightforward for every engineering team at HubSpot to know what sensitive data they handle and to do the right thing with it.

We sit within the Security Automated Assurance group, and partner closely with HubSpot’s Privacy, Legal, and Security organisations as well as product and infrastructure teams across the company.

About the role

As a Staff Engineer on the Security Privacy team, you’ll be a senior individual contributor and technical leader shaping how HubSpot discovers, manages, and protects personal data at scale. You’ll:

• Set and evolve the technical direction for privacy tooling, partnering closely with the team’s TL and PM.
• Lead delivery of complex, multi-quarter initiatives across data privacy, PII management, and data protection domains, often coordinating work across multiple teams and technical areas.
• Make high-impact architectural decisions, raising the bar for reliability, performance, and security in our systems.
• Provide deep technical mentorship, helping other engineers grow their design, coding, and operational skills while contributing to an inclusive, high-trust team culture.

This is a hands-on leadership role: you’ll spend most of your time designing systems, writing code, and reviewing changes, while also acting as a go-to technical expert and thought partner for the Security Privacy team and our stakeholders.

In this role, you’ll get to

• Lead design and implementation of services that catalog PII, classify datasets, enforce data protection standards, and automate GDPR deletion workflows across HubSpot.
• Design and evolve distributed systems that scan HubSpot’s codebase and infrastructure to detect PII usage, track dataset ownership, and orchestrate privacy-related actions at scale.
• Own reliability and on-call for the services you help build, including alerting, incident response, and continuous improvement of our data privacy pipelines.
• Collaborate with Privacy, Legal, and Security teams to translate data protection requirements and regulations into robust, scalable technical solutions.
• Drive technical roadmaps and long-term investments for how HubSpot manages and protects personal data, balancing foundational platform work with near-term regulatory and business needs.
• Mentor engineers across the group through design reviews, pairing, and thoughtful feedback, helping to shape engineering best practices for security and privacy domains.

We’re looking for people who

• Are tenured backend engineers with experience operating at staff-level scope: driving complex technical initiatives, influencing across teams, and providing deep technical leadership without direct people management.
• Have strong knowledge of data governance concepts and practices (for example, data lineage, classification, retention, and access governance) and experience applying them in large-scale systems.
• Are comfortable designing and operating distributed systems (e.g., microservices, message queues, data pipelines) in production environments.
• Have strong experience with at least one JVM language (ideally Java) and relational databases (e.g., MySQL); experience with technologies like Kafka, asynchronous processing, or large-scale data systems is a plus.
• Care deeply about reliability, observability, and operational excellence, and have participated in or helped run on-call rotations before.
• Communicate clearly with engineers and non-engineers, and enjoy working closely with product, design, and non-technical partners in security, privacy, and compliance.
<