Senior Data Security & Privacy Engineer

About the Role

Veeam is looking for a Senior Data Security & Privacy Engineer to own privacy-by-design and data protection engineering for the Veeam Data Cloud (VDC) data plane on Microsoft Azure and AWS. You will be the dedicated security and privacy engineering partner for VDC, responsible for how customer data is classified, ingested, encrypted, stored, processed, accessed, monitored, retained, and deleted across VDC workloads. 
 
This is a product security and enablement role: you will build shared security/privacy services, guardrails, and paved roads that make secure, compliant defaults easy for product teams to adopt. You will ship code via pull requests, provide reference implementations and self-service tooling, and measure adoption to drive consistent protections across the data plane. 
 

What You’ll Do

• Build and maintain shared platform capabilities that enable product teams to securely access Veeam Data Cloud and services (humans, services, agents) with secure-by-default patterns
• Set standard patterns for authentication, authorization, and least-privilege access in a multi-tenant SaaS environment, with explicit focus on customer data access (humans, services, automation, break-glass) 
• Engineer and operationalize privacy-by-design controls: data minimization, purpose limitation, and safe-by-default handling of personal/sensitive data (incl. data discovery and classification)
• Build and maintain data lifecycle mechanisms (retention policies, legal hold support where applicable, secure deletion, export/erasure workflows) that scale across tenants and regions
• Own the encryption and key management strategy for customer data (in transit and at rest), including key rotation, access policies, and integrations with platform KMS (e.g., Azure Key Vault / managed HSM where used)
• Define and build a shared security + privacy control plane with internal APIs/SDKs and self-service workflows (tenant isolation, policy-as-code, consistent enforcement, abuse/rate limiting, and guardrails that reduce the chance of data exposure)
• Define secure logging, audit trails, and telemetry libraries (what we log, how we avoid/ redact sensitive data, how logs support detection, incident response, and privacy investigations) 
• Ship production-quality code (services, SDKs, templates, lint rules, CI/CD checks, infrastructure-as-code guardrails) that creates paved roads and makes the secure path the default path for product teams
• Create reference architectures, reusable patterns, and developer documentation; run enablement (onboarding, office hours) and define adoption metrics to drive consistent rollout across teams 
• Build scalable data-flow mapping and threat modeling mechanisms (templates, tooling, review checklists) for features that touch customer data; translate findings into platform backlog items and reusable controls 
• Partner with Engineering, SRE, AI Security, Platform Security, Product Security, and Compliance/Privacy stakeholders to improve security and privacy baselines for our services. 
• Turn repeat security issues (dependencies/SBOM, container/VM findings, secrets exposure, pentest items) into automated fixes and guardrails (policies, pipelines, templates) that prevent regressions
• Help meet external security and privacy requirements (e.g., SOC 2 / ISO / FedRAMP-style / IRAP) by delivering architecture and implementation changes that are measurable, auditable, and durable

What You’ll Bring

• Experience as a Security Architect / Data Security Engineer / Privacy Engineer in a cloud-native, multi-tenant SaaS, with clear ownership of data protection and privacy engineering outcomes
• Strong knowledge of Azure security and data services (identity/managed identities, Key Vault, storage, databases, networking), and the ability to apply the right controls to protect customer data at scale (AWS familiarity is a plus)
• Strong software engineering background and proven ability to ship and maintain production systems: proficiency in one or more of C#/.NET, Go, Java, Python, or TypeScript; comfortable with pull requests, code reviews, testing, and CI/CD
• Hands-on experience engineering encryption, key management, tenant isolation, and access control for large-scale data systems (including designing for incident response and forensics) 
• Understanding of compliance and privacy expectations (SOC 2 / ISO 27001 / FedRAMP-style) and how they translate into practical data handling controls (auditability, least privilege, retention/deletion, data residency as applicable) 
• Track record applying secure SDLC practices (threat modeling, secure design reviews, dependency/vulnerability management) and turning requirements into code and automation
• Clear communication and ability to work with engineering/SRE/AppSec teams 

Bonus Skills

• Shared platform services for data protection (central KMS strategy, entitlement services, tokenization/masking) 
• Experience building secure observability for data planes and forensics for anomalous access 
• Multicloud/hybrid data protection experience 
• Security-focused development experience and relevant certifications (Azure security/architecture, cloud security, privacy/data protection)

What You’ll Get 

• 26 paid days off annually, plus 4 extra global VeeaMe Days for self-care and 24 paid volunteer hours annually through Veeam Cares
• Paid parental, maternity, and paternity leave
• Fully covered family medical plan, dental, rehab, and vaccinations
• Life, critical illness, and disability insurance
• Employer pension contribution via PPK
• Monthly Edenred allowance of 450 PLN for meals
• MultiSport card fully covered by Veeam, giving access to sports facilities nationwide
• Up to 12 free therapy sessions annually, plus legal and financial advice
• Opportunities to learn and grow through on-demand libraries (LinkedIn Learning, O’Reilly), mentoring, workshops and learning events like our annual Global Day of Learning

Please note: If the applicant is permanently present outside of Poland, Veeam reserves the right to refuse to consider the application for a job. Remote job is only possible in case the employee is located in Poland.

#LI-JM2
#Hybrid