Application Security Engineer, VDC

Veeam, the #1 global market leader in data resilience, believes businesses should control all their data whenever and wherever they need it. Veeam provides data resilience through data backup, data recovery, data portability, data security, and data intelligence. Based in Seattle, Veeam protects over 550,000 customers worldwide who trust Veeam to keep their businesses running. Join us as we move forward together, growing, learning, and making a real impact for some of the world’s biggest brands. The future of data resilience is here - go fearlessly forward with us.

We are looking for an Application Security Engineer to join our growing team of experts supporting our cloud-native SaaS platform. The SaaS solutions we develop and offer to our customers are built on Microsoft Azure, delivering secure, scalable, and enterprise-grade data protection services. This role will focus on building and maturing our identity and access management (IAM) strategy across our Azure multi-tenant applications.

Your tasks will include:

• Designing and securing authentication and authorization flows across Azure multi-tenant enterprise applications
• Driving adoption of secure identity patterns, including OAuth2, OpenID Connect, and SAML
• Integrating and securing Azure Entra ID (formerly Azure AD), including App Registrations, App Roles, consent frameworks, and Graph API
• Implementing and refining Role-Based Access Control (RBAC), Just-in-Time access (PIM), and conditional access policies
• Conducting threat modeling and security reviews for IAM architecture and features
• Collaborating with engineering and platform teams to harden identity surfaces and enforce least privilege access
• Contributing to access management audit support for compliance frameworks such as FedRAMP, SOC 2, and ISO 27001

Technologies we work with:

• Azure Entra ID, Microsoft Graph API, Azure App Registrations, API Management
• Azure Functions, Cosmos DB, Azure Storage, Static Web Apps
• Atlassian Suite, Azure DevOps, GitHub
• IaC tools: Terraform, Azure ARM templates
• CI/CD: Azure DevOps Pipelines, GitHub Actions
• Observability: Azure Monitor, AppInsights, Elastic Cloud (ELK)

What we expect from you:

• 3+ years of experience in Application Security, Identity Engineering, or Cloud Security with a focus on IAM
• Demonstrated hands-on experience with Azure Entra ID, including multi-tenant SaaS identity integrations
• Strong understanding of modern identity standards: OAuth2, OIDC, SAML, SCIM
• Familiarity with Microsoft Graph API, App Permissions, and Azure RBAC models
• Experience designing and securing Azure PaaS applications
• Proven ability to support engineering and SRE teams with secure identity practices
• Experience working in CI/CD environments with integrated security tooling
• Fluent English, with the ability to collaborate with globally distributed teams

Will be an advantage:

• Experience leading or supporting SaaS compliance programs (FedRAMP, SOC 2, ISO 27001)
• Familiarity with threat modeling methodologies (STRIDE, LINDDUN)
• Experience with C#/.NET/GO and securing authentication flows in application code
• Working knowledge of AWS identity services (IAM, Cognito, STS) a plus
• Understanding of cryptography in application contexts (certificates, token signing, etc.)