Staff Security Engineer at Veeam Software

Prague, CzechiaFull-timeVDC - Engineering 1009422Posted 26 days ago

About the Role

<div class="content-intro"><div class="elementToProof"> Veeam is the Data and AI Trust Company, specializing in helping organizations ensure their data and AI are fully understood, secured, and resilient to enable the acceleration of safe AI at scale. As the market leader in both data resilience and data security posture management, Veeam is built for the convergence of identity, data, security, and AI risk. Headquartered in Seattle with offices in more than 30 countries, Veeam protects over 550,000 customers worldwide, who trust Veeam to keep their businesses running. Join us as we go fearlessly forward together, growing, learning, and making a real impact for some of the world’s biggest brands. </div></div>About the Role We’re looking for a Staff Security Engineer to define and drive the authentication and authorization architecture for <a href="https://www.veeam.com/products/veeam-data-cloud.html">Veeam Data Cloud (VDC)</a>, our cloud-native SaaS platform. This role is centered on evaluating, defining, and evolving our authorization model - including RBAC and API access control across VDC services and teams. You’ll partner closely with product and platform engineering to ensure access is consistently designed, implemented, and enforced across the product.    We provide secure data protection services on AWS, Azure, and GCP, integrating with platforms like Microsoft 365 and Salesforce for customers in regulated industries What You’ll Do <ul> <li>Define end-to-end security architecture for identity and authorization across VDC (control plane and data plane) </li> <li>Evaluate and define authorization standards for multi-tenant SaaS, including RBAC/ABAC patterns, API authorization, and consistent permission modeling across services </li> <li>Define role/permission models for customer users, customer admins, internal support/admin access, and service-to-service authorization </li> <li>Design and standardize identity and authorization for agents and connectors running in customer environments (token/scopes, least privilege, rotation) </li> <li>Define shared security capabilities like tenant isolation, policy enforcement, and rate limiting </li> <li>Set standards for secure logging and telemetry for authentication and authorization </li> <li>Turn repeat security issues into reusable guardrails and shared services </li> <li>Support compliance work (e.g., SOC 2, FedRAMP-style, IRAP) through lasting design improvements </li> <li>Be hands-on in implementation: write code, perform code reviews, and submit PRs to VDC repositories; at times, embed with product teams to deliver authorization changes end-to-end </li> <li>Join design reviews and help teams adopt standard security patterns </li> </ul> What You’ll Bring <ul> <li>Proven background as a Security Architect / Senior Security Engineer / Software Engineering for cloudnative, multitenant SaaS </li> <li>Strong, hands-on expertise integrating and operating Okta, Auth0, and/or Keycloak from a software engineering perspective (SDKs/APIs, OIDC/OAuth flows, token handling, automation) </li> <li>Strong software engineering background: proficiency in one or more of C#/.NET, Go, Java, Python, or TypeScript</li> <li>Deep knowledge of authorization concepts and implementation: RBAC, permission modeling, policy enforcement, OAuth2/OIDC, JWT, mTLS, workload identities, tenant isolation, and secure API design </li> <li>Strong Azure security architecture knowledge (Entra ID, AKS, networking, monitoring, hardening) </li> <li>Experience turning vulnerability patterns for AAA into scalable platform solutions </li> <li>Strong communication skills in English; comfortable in distributed teams </li> </ul> Bonus Skills <ul> <li>Building shared authn/authz libraries, policy engines, or security control plane services </li> <li>Secure logging/telemetry design and data sanitization </li> <li>Multicloud/hybrid identity experience </li> </ul> What You’ll Get  <ul> <li>25 vacation days, 4 sick days, 21 paid medical leave days, plus 4 extra global VeeaMe Days for self-care and 24 paid volunteer hours annually through Veeam Cares</li> <li class="___ccc16d0 fje8fi8 f1ng9h0j f1bwykku f18jd3zf" data-uuid="edf32eb5-9fd0-4c7c-8978-e79d37007503">Premium private medical insurance for employees and dependents</li> <li class="___ccc16d0 fje8fi8 f1ng9h0j f1bwykku f18jd3zf" data-uuid="9f5cda51-08d8-4760-971e-d9f747f57f7d">Daily meal vouchers for restaurants and groceries (180 CZK per working day)</li> <li class="___ccc16d0 fje8fi8 f1ng9h0j f1bwykku f18jd3zf" data-uuid="378750df-d64d-4338-975e-c9b4064240d2">Flexible cafeteria platform with thousands of lifestyle benefit options</li> <li class="___ccc16d0 fje8fi8 f1ng9h0j f1bwykku f18jd3zf" data-uuid="fab46f32-3a73-4a50-8eab-142b44eb8a92">Multisport Card for gym and wellness, with family add-on options</li> <li class="___ccc16d0 fje8fi8 f1ng9h0j f1bwykku f18jd3zf" data-uuid="e8ec9bf3-2992-4ad0-8128-28f123163245">Annual public transport reimbursement up to a set limit</li> <li class="___ccc16d0 fje8fi8 f1ng9h0j f1bwykku f18jd3zf" data-uuid="0e65f6ac-21e2-4496-a397-aae4bda50c32">Corporate mobile plan with optional family tariff</li> <li class="___ccc16d0 fje8fi8 f1ng9h0j f1bwykku f18jd3zf" data-uuid="6e123908-7b82-4cf6-847f-5cfcbf2d13b2">Opportunities to learn and grow through on-demand libraries (LinkedIn Learning, O’Reilly), mentoring, workshops and learning events like our annual Global Day of Learning</li> </ul> #LI-TK1<div class="content-conclusion"><div data-pm-slice="1 1 ["ul",null,"li",{"style":null,"checked":null,"value":null,"displayValue":null,"backgroundColor":null,"color":null,"listStyleType":null}]" data-en-clipboard="true"><hr></div> <div data-pm-slice="1 1 ["ul",null,"li",{"style":null,"checked":null,"value":null,"displayValue":null,"backgroundColor":null,"color":null,"listStyleType":null}]" data-en-clipboard="true">Veeam Software is an equal opportunity employer and does not tolerate discrimination in any form on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state or local law. All your information will be kept confidential.</div> <div data-pm-slice="1 1 ["ul",null,"li",{"style":null,"checked":null,"value":null,"displayValue":null,"backgroundColor":null,"color":null,"listStyleType":null}]" data-en-clipboard="true"> Please note that any personal data collected from you during the recruitment process will be processed in accordance with our <a href="https://www.veeam.com/recruiting-privacy-notice.html">Recruiting Privacy Notice</a>.   The Privacy Notice sets out the basis on which the personal data collected from you, or that you provide to us, will be processed by us in connection with our recruitment processes.  By applying for this position, you consent to the processing of your personal data in accordance with our <a href="https://www.veeam.com/recruiting-privacy-notice.html">Recruiting Privacy Notice</a>. By submitting your application, you acknowledge that the information provided in your job application and any supporting documents is complete and accurate to the best of your knowledge. Any misrepresentation, omission, or falsification of information may result in disqualification from consideration for employment or, if discovered after employment begins, termination of employment. </div> <a id="app"></a></div>

About the Role

About the Role

Related Roles

About the Role

Related Roles