Product & Application Security Engineer

Veeam is a global leader in data resilience, providing solutions for data backup, recovery, and security. They are seeking a Senior Security Engineer to embed security throughout the software development lifecycle, ensuring secure features and addressing vulnerabilities in their Kubernetes data protection software.

Responsibilities:

• Triage and fix security alerts from tools like Grype, Cycode, and Wiz
• Implement code fixes for security tech-debt across our stack
• Conduct Threat Modeling sessions for upcoming epics and features in our two-week sprint cycles
• Serve as a Subject Matter Expert on Kubernetes security primitives (RBAC, unprivileged containers, network policies) for the engineering team, owning metrics and definition of success, share best practices through workshops, reviews, and documentation
• Lead audits, incidents, and compliance reviews representing the engineering team with the wider security community in Veeam

Requirements:

• Competent developer in Go (Golang)
• Exposure to modern frontend frameworks like Vue.js
• Extensive experience with Kubernetes and understanding of its security primitives
• Experience integrating security into the early stages of the Software Development Life Cycle
• Familiarity with modern AppSec and Supply Chain tools (specifically Grype, Cycode, and Wiz)
• Ability to balance theoretical security perfection with the practical reality of shipping software on a continuously frequent basis