Veeam is the Data and AI Trust Company, specializing in helping organizations ensure their data and AI are fully understood, secured, and resilient to enable the acceleration of safe AI at scale. As the market leader in both data resilience and data security posture management, Veeam is built for the convergence of identity, data, security, and AI risk. Headquartered in Seattle with offices in more than 30 countries, Veeam protects over 550,000 customers worldwide, who trust Veeam to keep their businesses running. Join us as we go fearlessly forward together, growing, learning, and making a real impact for some of the world鈥檚 biggest brands.
About the Role
We鈥檙e聽looking for a Staff Security Engineer to define and drive the聽authentication and authorization聽architecture聽for Veeam Data Cloud (VDC) , our cloud-native SaaS platform. This role is centered on evaluating, defining, and evolving our聽authorization model - including聽RBAC聽and聽API access control聽across VDC services and teams.聽You鈥檒l聽partner closely with product and platform engineering to ensure access is consistently designed, implemented, and enforced across the product.聽
聽
We provide secure data protection services on AWS, Azure, and GCP, integrating with platforms like Microsoft 365 and Salesforce for customers in regulated industries
What You鈥檒l Do
-
Define end-to-end security architecture for聽identity and authorization聽across VDC (control plane and data plane)聽
-
Evaluate and define聽authorization standards聽for multi-tenant SaaS, including聽RBAC/ABAC patterns,聽API authorization, and consistent permission modeling across services聽
-
Define role/permission models for customer users, customer admins, internal support/admin access, and service-to-service authorization聽
-
Design and standardize identity and authorization for聽agents and connectors聽running in customer environments (token/scopes, least privilege, rotation)聽
-
Define shared security capabilities like鈥痶enant isolation, policy enforcement, and rate limiting聽
-
Set standards for鈥痵ecure logging and telemetry鈥痜or authentication and authorization聽
-
Turn repeat security issues into鈥痳eusable guardrails and shared services聽
-
Support compliance work (e.g.,鈥疭OC 2, FedRAMP-style, IRAP) through lasting design improvements聽
-
Be hands-on in implementation: write code, perform code reviews, and聽submit聽PRs to VDC repositories; at times, embed with product teams to deliver authorization changes end-to-end聽
-
Join design reviews and help teams adopt standard security patterns聽
What You鈥檒l Bring
-
Proven background as a鈥疭ecurity Architect / Senior Security Engineer聽/ Software Engineering鈥痜or鈥痗loudnative, multitenant SaaS聽
-
Strong, hands-on聽expertise聽integrating and operating聽Okta,聽Auth0, and/or聽Keycloak聽from a software engineering perspective (SDKs/APIs, OIDC/OAuth flows, token handling, automation)聽
-
Strong software engineering background: proficiency in one or more of C#/.NET, Go, Java, Python, or TypeScript
-
Deep knowledge of聽authorization聽concepts and implementation:聽RBAC, permission modeling, policy enforcement,聽OAuth2/OIDC, JWT,聽mTLS, workload identities, tenant isolation, and secure API design聽
-
Strong鈥疉zure聽security architecture鈥痥nowledge (Entra ID, AKS, networking, monitoring, hardening)聽
-
Experience turning vulnerability patterns聽for聽AAA聽into鈥痵calable platform solutions聽
-
Strong communication聽skills in English; comfortable in distributed teams聽
Bonus Skills
-
Building shared聽authn/authz聽libraries, policy engines, or security control plane services聽
-
Secure logging/telemetry design and data sanitization聽
-
Multicloud/hybrid identity experience聽
**What You鈥檒l Get聽**
-
25 vacation days, 4 sick days, 21 paid medical leave days, plus 4 extra global VeeaMe Days for self-care and 24 paid volunteer hours annually through Veeam Cares
-
Premium private medical insurance for employees and dependents
-
Daily meal vouchers for restaurants and groceries (180 CZK per working day)
-
Flexible cafeteria platform with thousands of lifestyle benefit options
-
Multisport Card for gym and wellness, with family add-on options
-
Annual public transport reimbursement up to a set limit
-
Corporate mobile plan with optional family tariff
-
Opportunities to learn and grow through on-demand libraries (LinkedIn Learning, O鈥橰eilly), mentoring, workshops and learning events like our annual Global Day of Learning
#LI-TK1
**Veeam Software is an equal opportunity employer **and does not tolerate discrimination in any form based on race, color, religion, gender, age, national origin, citizenship, disability, veteran status, or any other classification protected by applicable law. All information you provide will be kept confidential.
Personal data collected during the recruitment process will be processed in accordance with our Recruiting Privacy Notice , which explains how your information is collected, used, and handled in connection with hiring activities. By applying for this position, you consent to this processing.
By submitting your application, you confirm that the information provided, including any supporting documents, is complete and accurate to the best of your knowledge. Any misrepresentation, omission, or falsification may result in disqualification from consideration or, if discovered after employment begins, termination of employment.