Compliance Security Engineer

Veeam Software

Job Summary

The Compliance Engineer will support and mature the operational compliance posture of the company's cloud-native SaaS platform on Microsoft Azure and AWS. This hands-on role involves building, automating, and running Continuous Monitoring (ConMon) activities for frameworks like FedRAMP, StateRAMP, IRAP, ISO 27001, and SOC 2. The engineer will partner with engineering, SRE, and Security teams to ensure the SaaS environment remains compliant, resilient, and audit-ready, focusing on automation, guardrails, and policy-as-code.

Must Have

  • Build and operate continuous monitoring (ConMon) processes for Azure and AWS environments.
  • Automate evidence collection, control validation, and compliance tasks.
  • Design solutions that meet complex compliance requirements.
  • Monitor system reliability, security posture, and compliance drift.
  • Maintain operational playbooks, ConMon runbooks, and internal standards.
  • Support reviews of production changes, identity configurations, cloud resources, and architectural decisions.
  • Collaborate with compliance and security teams to meet frameworks such as FedRAMP, StateRAMP, IRAP, ISO 27001, SOC 2.
  • Continuously evaluate and improve security, reliability, and compliance posture through automation, guardrails, and policy-as-code.
  • Direct experience taking cloud-native platforms through regulated compliance frameworks.
  • 3+ years of experience with privacy, data residency, and data sovereignty requirements (GDPR, CCPA).
  • Hands-on experience supporting the security and compliance of production workloads in a SaaS or cloud service provider environment.
  • Familiarity with security & compliance tooling (SIEM, CNAPP/CSPM, vulnerability scanners, SAST/DAST, log analytics).
  • Understanding of Azure IaaS and PaaS services, cloud identity models, IAM, networking, and secure configuration baselines.
  • Experience integrating compliance validation into CI/CD workflows.
  • Exposure to event-driven cloud architectures (Event Hub, Service Bus, Kafka).
  • Comfortable collaborating with geographically distributed teams and communicating in English.

Good to Have

  • Relevant cloud or DevOps certifications (AZ-500, AZ-400, AWS DevOps, Security certifications)
  • Experience operating AKS/Kubernetes and container security tooling
  • Development familiarity (C#, .NET, Python) for automating compliance tasks and integrations
  • Experience supporting SaaS products through enterprise and regulatory frameworks (FedRAMP, HITRUST, SOC 2)

Perks & Benefits

  • 25 vacation days, four sick days, 21 paid medical leave days, plus 3 extra global VeeaMe Days for self-care
  • Premium private medical insurance for employees and dependents
  • Daily meal vouchers for restaurants and groceries
  • Flexible cafeteria platform with thousands of lifestyle benefit options
  • Multisport Card for gym and wellness, with family add-on options
  • Annual public transport reimbursement up to a set limit
  • Corporate mobile plan with optional family tariff
  • 24 paid volunteer hours annually through Veeam Cares
  • Professional training and education, including courses and workshops, internal meetups, and unlimited access to our online learning platforms (LinkedIn Learning, Athena, O’Reilly) and mentoring through our MentorLab program

Job Description

The #1 global market leader in data resilience believes businesses should control all their data whenever and wherever they need it. The company provides data resilience through data backup, data recovery, data portability, data security, and data intelligence. Based in Seattle, the company protects over 550,000 customers worldwide who trust the company to keep their businesses running. Join us as we move forward together, growing, learning, and making a real impact for some of the world’s biggest brands. The future of data resilience is here - go fearlessly forward with us.

About the Role

We’re looking for a Compliance Engineer to support and mature the operational compliance posture of our cloud-native SaaS platform. Our products run on Microsoft Azure and AWS, delivering high-trust, secure data protection services to customers across regulated industries.

In this role, you will be a hands-on engineer responsible for building, automating, and running the core ConMon (Continuous Monitoring) activities required for frameworks like FedRAMP, StateRAMP, IRAP, ISO 27001, SOC 2, and other global compliance standards. You will partner directly with engineering, SRE, and Security to ensure our SaaS environment remains compliant, resilient, and ready for audit at all times.

What You’ll Do

  • Build and operate continuous monitoring (ConMon) processes across Azure and AWS environments—including log collection, alerting, vulnerability management, configuration baselines, and monthly reporting
  • Automate evidence collection, control validation, and compliance tasks to support ongoing audit readiness
  • Work with engineers to design solutions that meet complex compliance requirements while enabling developer velocity
  • Partner with SRE to monitor system reliability, security posture, and compliance drift across deployed services
  • Maintain operational playbooks, ConMon runbooks, and internal standards for system configuration, hardening, and monitoring
  • Support reviews of production changes, identity configurations, cloud resources, and architectural decisions to ensure they align with compliance controls
  • Collaborate with compliance and security teams to meet frameworks such as FedRAMP, StateRAMP, IRAP, ISO 27001, SOC 2, and more
  • Continuously evaluate and improve the security, reliability, and compliance posture of the SaaS platform through automation, guardrails, and policy-as-code

Technologies You’ll Work With

  • CI/CD and version control: Azure DevOps, GitHub, Git, Bitbucket
  • Azure cloud services: Entra ID, API Management, Storage, Cosmos DB, Functions, App Service, Networking, Defender, Monitor
  • AWS cloud services: IAM, ECS/Lambda, DynamoDB, VPC, S3
  • IaC: ARM, Terraform, CloudFormation, Serverless Framework
  • Observability & monitoring: Azure Monitor, AppInsights, Elastic/ELK
  • Compliance & security tooling: SIEM (Azure Sentinel), CNAPP, CSPM, SAST/DAST, vulnerability scanning, configuration/benchmark monitoring tools

What You’ll Bring

  • A partner mindset—you work alongside engineering and SRE as an enabler, not a gatekeeper
  • Direct experience taking cloud-native platforms through regulated compliance frameworks (FedRAMP, StateRAMP, IRAP, SOC 2, ISO, etc.)
  • 3+ years of experience with privacy, data residency, and data sovereignty requirements (GDPR, CCPA)
  • Experience building and operating Continuous Monitoring (ConMon) processes for cloud environments
  • Hands-on experience supporting the security and compliance of production workloads in a SaaS or cloud service provider environment
  • Familiarity with security & compliance tooling (SIEM, CNAPP/CSPM, vulnerability scanners, SAST/DAST, log analytics)
  • Understanding of Azure IaaS and PaaS services, cloud identity models, IAM, networking, and secure configuration baselines
  • Strong problem-solving abilities in distributed, multi-tenant cloud environments
  • Experience integrating compliance validation into CI/CD workflows (Azure DevOps, GitHub Actions, etc.)
  • Exposure to event-driven cloud architectures (Event Hub, Service Bus, Kafka, etc.)
  • Comfortable collaborating with geographically distributed teams and communicating in English

Bonus Skills

  • Relevant cloud or DevOps certifications (AZ-500, AZ-400, AWS DevOps, Security certifications)
  • Experience operating AKS/Kubernetes and container security tooling
  • Development familiarity (C#, .NET, Python) for automating compliance tasks and integrations
  • Experience supporting SaaS products through enterprise and regulatory frameworks (FedRAMP, HITRUST, SOC 2)

What You’ll Get

  • 25 vacation days, four sick days, 21 paid medical leave days, plus 3 extra global VeeaMe Days for self-care
  • Premium private medical insurance for employees and dependents
  • Daily meal vouchers for restaurants and groceries
  • Flexible cafeteria platform with thousands of lifestyle benefit options
  • Multisport Card for gym and wellness, with family add-on options
  • Annual public transport reimbursement up to a set limit
  • Corporate mobile plan with optional family tariff
  • 24 paid volunteer hours annually through Veeam Cares
  • Professional training and education, including courses and workshops, internal meetups, and unlimited access to our online learning platforms (LinkedIn Learning, Athena, O’Reilly) and mentoring through our MentorLab program

Please note: If the applicant is permanently present outside of the Czech Republic, the company reserves the right to refuse to consider the job application. Remote work is possible only if the employee is located in the Czech Republic.

The company is an equal opportunity employer and does not tolerate discrimination in any form on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state or local law. All your information will be kept confidential.

Please note that any personal data collected from you during the recruitment process will be processed in accordance with our Recruiting Privacy Notice.

The Privacy Notice sets out the basis on which the personal data collected from you, or that you provide to us, will be processed by us in connection with our recruitment processes.

By applying for this position, you consent to the processing of your personal data in accordance with our Recruiting Privacy Notice.

By submitting your application, you acknowledge that the information provided in your job application and any supporting documents is complete and accurate to the best of your knowledge. Any misrepresentation, omission, or falsification of information may result in disqualification from consideration for employment or, if discovered after employment begins, termination of employment.
