Compliance Security Engineer

About the Role

We’re looking for a Compliance Engineer to support and mature the operational compliance posture of our cloud-native SaaS platform. Our products run on Microsoft Azure and AWS, delivering high-trust, secure data protection services to customers across regulated industries.

In this role, you will be a hands-on engineer responsible for building, automating, and running the core ConMon (Continuous Monitoring) activities required for frameworks like FedRAMP, StateRAMP, IRAP, ISO 27001, SOC 2, and other global compliance standards. You will partner directly with engineering, SRE, and Security to ensure our SaaS environment remains compliant, resilient, and ready for audit at all times.

What You’ll Do

• Build and operate continuous monitoring (ConMon) processes across Azure and AWS environments—including log collection, alerting, vulnerability management, configuration baselines, and monthly reporting
• Automate evidence collection, control validation, and compliance tasks to support ongoing audit readiness
• Work with engineers to design solutions that meet complex compliance requirements while enabling developer velocity
• Partner with SRE to monitor system reliability, security posture, and compliance drift across deployed services
• Maintain operational playbooks, ConMon runbooks, and internal standards for system configuration, hardening, and monitoring
• Support reviews of production changes, identity configurations, cloud resources, and architectural decisions to ensure they align with compliance controls
• Collaborate with compliance and security teams to meet frameworks such as FedRAMP, StateRAMP, IRAP, ISO 27001, SOC 2, and more
• Continuously evaluate and improve the security, reliability, and compliance posture of the SaaS platform through automation, guardrails, and policy-as-code

Technologies You’ll Work With

• CI/CD and version control: Azure DevOps, GitHub, Git, Bitbucket
• Azure cloud services: Entra ID, API Management, Storage, Cosmos DB, Functions, App Service, Networking, Defender, Monitor
• AWS cloud services: IAM, ECS/Lambda, DynamoDB, VPC, S3
• IaC: ARM, Terraform, CloudFormation, Serverless Framework
• Observability & monitoring: Azure Monitor, AppInsights, Elastic/ELK
• Compliance & security tooling: SIEM (Azure Sentinel), CNAPP, CSPM, SAST/DAST, vulnerability scanning, configuration/benchmark monitoring tools

What You’ll Bring

• A partner mindset—you work alongside engineering and SRE as an enabler, not a gatekeeper
• Direct experience taking cloud-native platforms through regulated compliance frameworks (FedRAMP, StateRAMP, IRAP, SOC 2, ISO, etc.)
• 3+ years experience with privacy, data residency, and data sovereignty requirements (GDPR, CCPA)
• Experience building and operating Continuous Monitoring (ConMon) processes for cloud environments
• Hands-on experience supporting the security and compliance of production workloads in a SaaS or cloud service provider environment
• Familiarity with security & compliance tooling (SIEM, CNAPP/CSPM, vulnerability scanners, SAST/DAST, log analytics)
• Understanding of Azure IaaS and PaaS services, cloud identity models, IAM, networking, and secure configuration baselines
• Strong problem-solving abilities in distributed, multi-tenant cloud environments
• Experience integrating compliance validation into CI/CD workflows (Azure DevOps, GitHub Actions, etc.)
• Exposure to event-driven cloud architectures (Event Hub, Service Bus, Kafka, etc.)
• Comfortable collaborating with geographically distributed teams and communicating in English

Bonus Skills

• Relevant cloud or DevOps certifications (AZ-500, AZ-400, AWS DevOps, Security certifications)
• Experience operating AKS/Kubernetes and container security tooling
• Development familiarity (C#, .NET, Python) for automating compliance tasks and integrations
• Experience supporting SaaS products through enterprise and regulatory frameworks (FedRAMP, HITRUST, SOC 2)

What You’ll Get 

• 25 vacation days, four sick days, 21 paid medical leave days, plus 3 extra global VeeaMe Days for self-care
• Premium private medical insurance for employees and dependents
• Daily meal vouchers for restaurants and groceries
• Flexible cafeteria platform with thousands of lifestyle benefit options
• Multisport Card for gym and wellness, with family add-on options
• Annual public transport reimbursement up to a set limit
• Corporate mobile plan with optional family tariff
• 24 paid volunteer hours annually through Veeam Cares
• Professional training and education, including courses and workshops, internal meetups, and unlimited access to our online learning platforms (LinkedIn Learning, Athena, O’Reilly) and mentoring through our MentorLab program

Please note: If the applicant is permanently present outside of the Czech Republic, Veeam reserves the right to refuse to consider the application for a job. Remote job is only possible in case the employee is located in the Czech Republic.

#LI-EZ1
#Remote