Product & Application Security Engineer
About the role
We are looking for a Senior Security Engineer who thinks like a product architect and codes like a software engineer. At Veeam Kasten, we release market-leading Kubernetes data protection software, which makes security critical to safeguarding our customers' environments and data. This role ensures security is embedded throughout the lifecycle, not just as a gate at the end.
Responsibilities
- You will be the primary security voice in design reviews.
- You will perform threat modeling on new features, identifying architectural risks before a single line of code is written.
- You will actively review Pull Requests and conduct deep-dive code audits.
- You won't just run scanners; you will manually analyze logic in our code to find complex flaws that automated tools miss.
- You will help fix vulnerabilities. You will triage findings from our tooling and write production-ready patches to resolve vulnerabilities.
- You will oversee the integrity of our build dependencies, ensuring that the open-source libraries we import (and the tools we use to build them) are secure.
What You’ll Do
- Triage and fix security alerts from tools like Grype, Cycode, and Wiz.
- Implement code fixes for security tech-debt across our stack.
- Conduct Threat Modeling sessions for upcoming epics and features in our two-week sprint cycles.
- Serve as a Subject Matter Expert on Kubernetes security primitives (RBAC, unprivileged containers, network policies) for the engineering team, owning metrics and definition of success, share best practices through workshops, reviews, and documentation.
- Lead audits, incidents, and compliance reviews representing the engineering team with the wider security community in Veeam Technologies.
Core
- Go, Vue.js, Docker, Kubernetes
Security Tooling
- Grype, Syft, Checkmarx, Cycode, Wiz
Environment
- Public Cloud (Azure/AWS/GCP)
- On-Prem K8s distributions (OpenShift, Tanzu)
What You’ll Bring
- Developer DNA: Competent developer in Go (Golang) and exposure to modern frontend frameworks like Vue.js.
- Kubernetes Native: Extensive experience with Kubernetes and understanding its security primitives.
- Shift-Left Mindset: Experience integrating security into the early stages of the Software Development Life Cycle.
- Tooling Familiarity: Experience with modern AppSec and Supply Chain tools (specifically Grype, Cycode, and Wiz).
- Pragmatism: Ability to balance theoretical security perfection with the practical reality of shipping software on a continuous basis.
What You'll Get
- Unlimited paid time off, 12 paid holidays including 4 global Veeam Days for self-care and 24 paid volunteer hours annually through Veeam Cares.
- Paid parental leave: 8 weeks for all parents, 16 weeks for birthing parents.
- Mental health support, therapy sessions, and digital wellness tools via our Employee Assistance Program.
- 401(k) retirement plan with company matching contributions.
- Fertility, adoption, and surrogacy support through Maven, plus paid volunteer time.
- AirVet: 24/7 virtual veterinary care at no cost.
- Legal services, identity protection, and supplemental health insurance options.
- Tax-advantaged spending accounts for healthcare, dependent care, and commuting.
- Opportunities to learn and grow through on-demand libraries (LinkedIn Learning, O'Reilly), mentoring, workshops, and learning events like our annual Global Day of Learning.
Compensation Transparency
Veeam is committed to pay transparency and equitable compensation. For this role, the compensation range below reflects the expected total target compensation (TTC), inclusive of base pay and a competitive performance-based bonus. For roles with a commission plan, the compensation range represents On Target Earnings (OTE), which includes base salary plus variable commission. When determining compensation, Veeam takes into consideration factors such as experience, education, skills, and geographic zone. Offers are typically made below the midpoint of the range. In addition to compensation, Veeam provides a comprehensive benefits package, including health coverage, retirement plans, and unlimited time off.