Staff Security Engineer

Veeam is the Data and AI Trust Company, specializing in data resilience and data security posture management. Headquartered in Seattle with offices in more than 30 countries, Veeam protects over 550,000 customers worldwide. The role focuses on defining and driving authentication and authorization architecture for Veeam Data Cloud (VDC), a cloud-native SaaS platform providing secure data protection services on AWS, Azure, and GCP, integrating with platforms like Microsoft 365 and Salesforce for customers in regulated industries.

• Proven background as a Security Architect / Senior Security Engineer / Software Engineer for cloud-native, multitenant SaaS
• Strong, hands-on expertise integrating and operating Okta, Auth0, and/or Keycloak from a software engineering perspective (SDKs/APIs, OIDC/OAuth flows, token handling, automation)
• Proficiency in one or more of C#/.NET, Go, Java, Python, or TypeScript
• Deep knowledge of authorization concepts and implementation: RBAC, permission modeling, policy enforcement, OAuth2/OIDC, JWT, mTLS, workload identities, tenant isolation, and secure API design
• Strong Azure security architecture knowledge (Entra ID, AKS, networking, monitoring, hardening)
• Experience turning vulnerability patterns for AAA into scalable platform solutions
• Strong communication skills in English; comfortable in distributed teams

Bonus Skills:

• Building shared authn/authz libraries, policy engines, or security control plane services
• Secure logging/telemetry design and data sanitization
• Multicloud/hybrid identity experience

• Define end-to-end security architecture for identity and authorization across VDC (control plane and data plane)
• Evaluate and define authorization standards for multi-tenant SaaS, including RBAC/ABAC patterns, API authorization, and consistent permission modeling across services
• Define role/permission models for customer users, customer admins, internal support/admin access, and service-to-service authorization
• Design and standardize identity and authorization for agents and connectors running in customer environments (token/scopes, least privilege, rotation)
• Define shared security capabilities like tenant isolation, policy enforcement, and rate limiting
• Set standards for secure logging and telemetry for authentication and authorization
• Turn repeat security issues into reusable guardrails and shared services
• Support compliance work (e.g., SOC 2, FedRAMP-style, IRAP) through lasting design improvements
• Write code, perform code reviews, and submit PRs to VDC repositories; embed with product teams to deliver authorization changes end-to-end
• Join design reviews and help teams adopt standard security patterns

If the applicant is permanently present outside of Poland, Veeam reserves the right to refuse to consider the application for a job. Remote work is only possible if the employee is located in Poland.

Veeam Software is an equal opportunity employer and does not tolerate discrimination in any form on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state or local law. All information will be kept confidential.

Personal data collected during recruitment will be processed in accordance with Veeam's Recruiting Privacy Notice. By applying, candidates consent to this processing. Misrepresentation or falsification of information may result in disqualification or termination of employment.