Senior Data Security & Privacy Engineer

Veeam is the Data and AI Trust Company, specializing in helping organizations ensure their data and AI are fully understood, secured, and resilient to enable the acceleration of safe AI at scale. Veeam is the market leader in data resilience and data security posture management, headquartered in Seattle with offices in more than 30 countries, protecting over 550,000 customers worldwide.

• Experience as a Security Architect, Data Security Engineer, or Privacy Engineer in a cloud-native, multi-tenant SaaS environment with ownership of data protection and privacy engineering outcomes
• Strong knowledge of Azure security and data services including identity, Key Vault, storage, databases, and networking; AWS familiarity is a plus
• Strong software engineering background with proficiency in one or more of C#/.NET, Go, Java, Python, or TypeScript; experience with pull requests, code reviews, testing, and CI/CD
• Hands-on experience with encryption, key management, tenant isolation, and access control for large-scale data systems
• Understanding of compliance and privacy expectations such as SOC 2, ISO 27001, FedRAMP-style and their practical data handling controls
• Experience applying secure SDLC practices including threat modeling, secure design reviews, and dependency/vulnerability management
• Clear communication skills and ability to work with engineering, SRE, and AppSec teams

Bonus Skills:

• Experience with shared platform services for data protection such as central KMS strategy, entitlement services, tokenization/masking
• Experience building secure observability for data planes and forensics for anomalous access
• Multicloud/hybrid data protection experience
• Security-focused development experience and relevant certifications (Azure security/architecture, cloud security, privacy/data protection)

• Build and maintain shared platform capabilities that enable product teams to securely access Veeam Data Cloud and services with secure-by-default patterns
• Set standard patterns for authentication, authorization, and least-privilege access in a multi-tenant SaaS environment, focusing on customer data access
• Engineer and operationalize privacy-by-design controls including data minimization, purpose limitation, and safe handling of personal/sensitive data
• Build and maintain data lifecycle mechanisms such as retention policies, legal hold support, secure deletion, and export/erasure workflows
• Own the encryption and key management strategy for customer data, including key rotation, access policies, and integrations with platform KMS
• Define and build a shared security and privacy control plane with internal APIs/SDKs and self-service workflows
• Define secure logging, audit trails, and telemetry libraries supporting detection, incident response, and privacy investigations
• Ship production-quality code including services, SDKs, templates, lint rules, CI/CD checks, and infrastructure-as-code guardrails
• Create reference architectures, reusable patterns, developer documentation, run enablement, and define adoption metrics
• Build scalable data-flow mapping and threat modeling mechanisms for features that touch customer data
• Partner with Engineering, SRE, AI Security, Platform Security, Product Security, and Compliance/Privacy stakeholders
• Turn repeat security issues into automated fixes and guardrails to prevent regressions
• Help meet external security and privacy requirements by delivering measurable, auditable, and durable architecture and implementation changes

If the applicant is permanently present outside of Poland, Veeam reserves the right to refuse to consider the application for a job. Remote work is only possible if the employee is located in Poland. Veeam Software is an equal opportunity employer and does not tolerate discrimination in any form. Personal data collected during recruitment will be processed according to Veeam's Recruiting Privacy Notice. By submitting an application, the applicant acknowledges the accuracy of the information provided and understands that misrepresentation may result in disqualification or termination.