Senior Data Security & Privacy Engineer at Veeam Software

Prague, CzechiaFull-timeVDC - Engineering 1009422Posted 26 days ago

About the Role

<div class="content-intro"><div class="elementToProof"> Veeam is the Data and AI Trust Company, specializing in helping organizations ensure their data and AI are fully understood, secured, and resilient to enable the acceleration of safe AI at scale. As the market leader in both data resilience and data security posture management, Veeam is built for the convergence of identity, data, security, and AI risk. Headquartered in Seattle with offices in more than 30 countries, Veeam protects over 550,000 customers worldwide, who trust Veeam to keep their businesses running. Join us as we go fearlessly forward together, growing, learning, and making a real impact for some of the world’s biggest brands. </div></div>About the Role Veeam is looking for a Senior Data Security & Privacy Engineer to own privacy-by-design and data protection engineering for the <a href="https://www.veeam.com/products/veeam-data-cloud.html">Veeam Data Cloud (VDC)</a> data plane on Microsoft Azure and AWS. You will be the dedicated security and privacy engineering partner for VDC, responsible for how customer data is classified, ingested, encrypted, stored, processed, accessed, monitored, retained, and deleted across VDC workloads.    This is a product security and enablement role: you will build shared security/privacy services, guardrails, and paved roads that make secure, compliant defaults easy for product teams to adopt. You will ship code via pull requests, provide reference implementations and self-service tooling, and measure adoption to drive consistent protections across the data plane.    What You’ll Do <ul> <li>Build and maintain shared platform capabilities that enable product teams to securely access Veeam Data Cloud and services (humans, services, agents) with secure-by-default patterns.</li> <li>Set standard patterns for authentication, authorization, and least-privilege access in a multi-tenant SaaS environment, with explicit focus on customer data access (humans, services, automation, break-glass). </li> <li>Engineer and operationalize privacy-by-design controls: data minimization, purpose limitation, and safe-by-default handling of personal/sensitive data (incl. data discovery and classification).</li> <li>Build and maintain data lifecycle mechanisms (retention policies, legal hold support where applicable, secure deletion, export/erasure workflows) that scale across tenants and regions.</li> <li>Own the encryption and key management strategy for customer data (in transit and at rest), including key rotation, access policies, and integrations with platform KMS (e.g., Azure Key Vault / managed HSM where used).</li> <li>Define and build a shared security + privacy control plane with internal APIs/SDKs and self-service workflows (tenant isolation, policy-as-code, consistent enforcement, abuse/rate limiting, and guardrails that reduce the chance of data exposure).</li> <li>Define secure logging, audit trails, and telemetry libraries (what we log, how we avoid/ redact sensitive data, how logs support detection, incident response, and privacy investigations). </li> <li>Ship production-quality code (services, SDKs, templates, lint rules, CI/CD checks, infrastructure-as-code guardrails) that creates paved roads and makes the secure path the default path for product teams.</li> <li>Create reference architectures, reusable patterns, and developer documentation; run enablement (onboarding, office hours) and define adoption metrics to drive consistent rollout across teams. </li> <li>Build scalable data-flow mapping and threat modeling mechanisms (templates, tooling, review checklists) for features that touch customer data; translate findings into platform backlog items and reusable controls. </li> <li>Partner with Engineering, SRE, AI Security, Platform Security, Product Security, and Compliance/Privacy stakeholders to improve security and privacy baselines for our services. </li> <li>Turn repeat security issues (dependencies/SBOM, container/VM findings, secrets exposure, pentest items) into automated fixes and guardrails (policies, pipelines, templates) that prevent regressions.</li> <li>Help meet external security and privacy requirements (e.g., SOC 2 / ISO / FedRAMP-style / IRAP) by delivering architecture and implementation changes that are measurable, auditable, and durable.</li> </ul> What You’ll Bring <ul> <li>Experience as a Security Architect / Data Security Engineer / Privacy Engineer in a cloud-native, multi-tenant SaaS, with clear ownership of data protection and privacy engineering outcomes.</li> <li>Strong knowledge of Azure security and data services (identity/managed identities, Key Vault, storage, databases, networking), and the ability to apply the right controls to protect customer data at scale (AWS familiarity is a plus).</li> <li>Strong software engineering background and proven ability to ship and maintain production systems: proficiency in one or more of C#/.NET, Go, Java, Python, or TypeScript; comfortable with pull requests, code reviews, testing, and CI/CD.</li> <li>Hands-on experience engineering encryption, key management, tenant isolation, and access control for large-scale data systems (including designing for incident response and forensics). </li> <li>Understanding of compliance and privacy expectations (SOC 2 / ISO 27001 / FedRAMP-style) and how they translate into practical data handling controls (auditability, least privilege, retention/deletion, data residency as applicable).</li> <li>Track record applying secure SDLC practices (threat modeling, secure design reviews, dependency/vulnerability management) and turning requirements into code and automation.</li> <li>Clear communication and ability to work with engineering/SRE/AppSec teams.</li> </ul> Bonus Skills <ul> <li>Shared platform services for data protection (central KMS strategy, entitlement services, tokenization/masking). </li> <li>Experience building secure observability for data planes and forensics for anomalous access.</li> <li>Multicloud/hybrid data protection experience. </li> <li>Security-focused development experience and relevant certifications (Azure security/architecture, cloud security, privacy/data protection).</li> </ul> What You’ll Get  <ul> <li>25 vacation days, 4 sick days, 21 paid medical leave days, plus 4 extra global VeeaMe Days for self-care and 24 paid volunteer hours annually through Veeam Cares</li> <li class="___ccc16d0 fje8fi8 f1ng9h0j f1bwykku f18jd3zf" data-uuid="edf32eb5-9fd0-4c7c-8978-e79d37007503">Premium private medical insurance for employees and dependents</li> <li class="___ccc16d0 fje8fi8 f1ng9h0j f1bwykku f18jd3zf" data-uuid="9f5cda51-08d8-4760-971e-d9f747f57f7d">Daily meal vouchers for restaurants and groceries (180 CZK per working day)</li> <li class="___ccc16d0 fje8fi8 f1ng9h0j f1bwykku f18jd3zf" data-uuid="378750df-d64d-4338-975e-c9b4064240d2">Flexible cafeteria platform with thousands of lifestyle benefit options</li> <li class="___ccc16d0 fje8fi8 f1ng9h0j f1bwykku f18jd3zf" data-uuid="fab46f32-3a73-4a50-8eab-142b44eb8a92">Multisport Card for gym and wellness, with family add-on options</li> <li class="___ccc16d0 fje8fi8 f1ng9h0j f1bwykku f18jd3zf" data-uuid="e8ec9bf3-2992-4ad0-8128-28f123163245">Annual public transport reimbursement up to a set limit</li> <li class="___ccc16d0 fje8fi8 f1ng9h0j f1bwykku f18jd3zf" data-uuid="0e65f6ac-21e2-4496-a397-aae4bda50c32">Corporate mobile plan with optional family tariff</li> <li class="___ccc16d0 fje8fi8 f1ng9h0j f1bwykku f18jd3zf" data-uuid="6e123908-7b82-4cf6-847f-5cfcbf2d13b2">Opportunities to learn and grow through on-demand libraries (LinkedIn Learning, O’Reilly), mentoring, workshops and learning events like our annual Global Day of Learning</li> </ul>   #LI-DS1 #Hybrid<div class="content-conclusion"><div data-pm-slice="1 1 ["ul",null,"li",{"style":null,"checked":null,"value":null,"displayValue":null,"backgroundColor":null,"color":null,"listStyleType":null}]" data-en-clipboard="true"><hr></div> <div data-pm-slice="1 1 ["ul",null,"li",{"style":null,"checked":null,"value":null,"displayValue":null,"backgroundColor":null,"color":null,"listStyleType":null}]" data-en-clipboard="true">Veeam Software is an equal opportunity employer and does not tolerate discrimination in any form on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state or local law. All your information will be kept confidential.</div> <div data-pm-slice="1 1 ["ul",null,"li",{"style":null,"checked":null,"value":null,"displayValue":null,"backgroundColor":null,"color":null,"listStyleType":null}]" data-en-clipboard="true"> Please note that any personal data collected from you during the recruitment process will be processed in accordance with our <a href="https://www.veeam.com/recruiting-privacy-notice.html">Recruiting Privacy Notice</a>.   The Privacy Notice sets out the basis on which the personal data collected from you, or that you provide to us, will be processed by us in connection with our recruitment processes.  By applying for this position, you consent to the processing of your personal data in accordance with our <a href="https://www.veeam.com/recruiting-privacy-notice.html">Recruiting Privacy Notice</a>. By submitting your application, you acknowledge that the information provided in your job application and any supporting documents is complete and accurate to the best of your knowledge. Any misrepresentation, omission, or falsification of information may result in disqualification from consideration for employment or, if discovered after employment begins, termination of employment. </div> <a id="app"></a></div>

About the Role

About the Role

Related Roles

About the Role

Related Roles