Senior Data Security & Privacy Engineer

Veeam is the Data and AI Trust Company, specializing in helping organizations ensure their data and AI are fully understood, secured, and resilient to enable the acceleration of safe AI at scale. As the market leader in both data resilience and data security posture management, Veeam is built for the convergence of identity, data, security, and AI risk. Headquartered in Seattle with offices in more than 30 countries, Veeam protects over 550,000 customers worldwide, who trust Veeam to keep their businesses running. Join us as we go fearlessly forward together, growing, learning, and making a real impact for some of the world’s biggest brands. About the Role Veeam is looking for a Senior Data Security Privacy Engineer to own privacy-by-design and data protection engineering for the Veeam Data Cloud (VDC) data plane on Microsoft Azure and AWS . You will be the dedicated security and privacy engineering partner for VDC, responsible for how customer data is classified, ingested, encrypted, stored, processed, accessed, monitored , retained, and deleted across VDC workloads. This is a product security and enablement role: you will build shared security/privacy services , guardrails , and paved roads that make secure, compliant defaults easy for product teams to adopt. You will ship code via pull requests , provide reference implementations and self-service tooling , and measure adoption to drive consistent protections across the data plane. What You’ll Do Build and maintain shared platform capabilities that enable product teams to securely access Veeam Data Cloud and services (humans, services, agents) with secure-by-default patterns Set standard patterns for authentication, authorization, and least-privilege access in a multi-tenant SaaS environment, with explicit focus on customer data access (humans, services, automation, break-glass) Engineer and operationalize privacy-by-design controls: data minimization, purpose limitation, and safe-by-default handling of personal/sensitive data (incl. data discovery and classification) Build and maintain data lifecycle mechanisms (retention policies, legal hold support where applicable, secure deletion, export/erasure workflows) that scale across tenants and regions Own the encryption and key management strategy for customer data (in transit and at rest), including key rotation, access policies, and integrations with platform KMS (e.g., Azure Key Vault / managed HSM where used) Define and build a shared security + privacy control plane with internal APIs/SDKs and self-service workflows (tenant isolation, policy-as-code, consistent enforcement, abuse/rate limiting, and guardrails that reduce the chance of data exposure) Define secure logging, audit trails, and telemetry libraries (what we log, how we avoid/ redact sensitive data , how logs support detection, incident response, and privacy investigations) Ship production-quality code (services, SDKs, templates, lint rules, CI/CD checks, infrastructure-as-code guardrails) that creates paved roads and makes the secure path the default path for product teams Create reference architectures , reusable patterns, and developer documentation; run enablement (onboarding, office hours) and define adoption metrics to drive consistent rollout across teams Build scalable data-flow mapping and threat modeling mechanisms (templates, tooling, review checklists) for features that touch customer data; translate findings into platform backlog items and reusable controls Partner with Engineering, SRE, AI Security, Platform Security, Product Security, and Compliance/Privacy stakeholders to improve security and privacy baselines for our services. Turn repeat security issues (dependencies/SBOM, container/VM findings, secrets exposure, pentest items) into automated fixes and guardrails (policies, pipelines, templates) that prevent regressions Help meet external security and priva ... (truncated, view full listing at source)