Product & Application Security Engineer

About the Role

We are looking for a Senior Security Engineer who thinks like a product architect and codes like a software engineer. At Veeam Kasten, we release market-leading Kubernetes data protection software, which makes security critical to safeguarding our  customers' environments and data. This role ensures security is embedded throughout the lifecycle, not just as a gate at the end. You will partner with engineering teams during the whiteboard phase to design secure features and dive into the codebase to find and fix vulnerabilities.

Your Impact

• Design & Architecture: You will be the primary security voice in design reviews. You will perform threat modeling on new features, identifying architectural risks before a single line of code is written 
• Code-Level Security: You will actively review Pull Requests and conduct deep-dive code audits. You won't just run scanners; you will manually analyze logic in our code to find complex flaws that automated tools miss
• Vulnerability Remediation: unlike traditional security roles that only "report" bugs, you will help fix them. You will triage findings from our tooling and write production-ready patches to resolve vulnerabilities
• Secure Software Supply Chain: You will oversee the integrity of our build dependencies, ensuring that the open-source libraries we import (and the tools we use to build them) are secure

What You’ll Do

• Triage and fix security alerts from tools like Grype, Cycode, and Wiz
• Implement code fixes for security tech-debt across our stack
• Conduct Threat Modeling sessions for upcoming epics and features in our two-week sprint cycles
• Serve as a Subject Matter Expert on Kubernetes security primitives (RBAC, unprivileged containers, network policies) for the engineering team, owning metrics and definition of success, share best practices through workshops, reviews, and documentation
• Lead audits, incidents, and compliance reviews representing the engineering team with the wider security community in Veeam

Technologies You’ll Work With

Core: Go, Vue.js, Docker, Kubernetes 
Security Tooling: Grype, Syft, Checkmarx, Cycode, Wiz 
Environment: Public Cloud (Azure/AWS/GCP), On-Prem K8s distributions (OpenShift, Tanzu)

What You’ll Bring

• Developer DNA: You are a competent developer in Go (Golang) and have exposure to modern frontend frameworks like Vue.js.
• Kubernetes Native: Youʼve worked extensively with Kubernetes and understand itʼs security primitives.
• Shift-Left Mindset: You have experience integrating security into the early stages of the Software Development Life Cycle.
• Tooling Familiarity: Experience with modern AppSec and Supply Chain tools (specifically Grype, Cycode, and Wiz) is a strong plus.
• Pragmatism: You can balance theoretical security perfection with the practical reality of shipping software on a continuously frequent basis.

What You’ll Get 

• Unlimited paid time off, plus 3 global VeeaMe Days for self-care
• Paid parental leave: 8 weeks for all parents, 16 weeks for birthing parents
• Medical, dental, and vision coverage from day one
• Mental health support, therapy sessions, and digital wellness tools via SupportLinc EAP
• 401(k) retirement plan with matching contributions up to annual limits
• Fertility, adoption, and surrogacy support through Maven, plus paid volunteer time
• AirVet: 24/7 virtual veterinary care at no cost
• Legal services, identity protection, and supplemental health insurance options
• Tax-advantaged spending accounts for healthcare, dependent care, and commuting
• Professional training and education, including courses and workshops, internal meetups, and unlimited access to our online learning platforms (LinkedIn Learning, Athena, O’Reilly) and mentoring through our MentorLab program