Logo for DDN Storage

Principal Engineer – Security Architecture

Role overview

Qualifications

  • Bachelor’s or Master’s degree in Computer Science, Engineering, Cybersecurity, or a related technical field.
  • 12+ years of experience in security architecture, distributed systems security, infrastructure security, or large-scale platform engineering.
  • Proven track record designing and securing large-scale distributed systems, storage platforms, or cloud-native infrastructure.
  • Deep understanding of distributed system architectures, including data path and control plane security models.

Responsibilities

  • Define and lead the long-term security architecture strategy for distributed storage platforms.
  • Establish security architecture standards and secure-by-design principles across various layers.
  • Partner with Data Path engineering teams to secure high-performance data movement across storage tiers.
  • Drive security architecture reviews, threat modeling, and Secure Software Development Lifecycle (SSDLC) practices.

About the company

DDN Storage  logo

DDN Storage

Information Technology & Services

DDN is the world’s largest private data storage company and the leading provider of intelligent technology and infrastructure solutions for Enterprise At Scale, AI and analytics, HPC, government and academia customers. Through its DDN and Tintri divisions, the company delivers AI, Data Management software and hardware solutions, and unified analytics frameworks to solve complex business challenges for data-intensive, global organizations. DDN provides its enterprise customers with the most flexible, efficient and reliable data storage solutions for on-premises and multi-cloud environments at any scale. Over the last two decades, DDN has established itself as the data management provider of choice for over 11,000 enterprises, government, and public-sector customers, including many of the world’s leading financial services firms, life science organizations, manufacturing and energy companies, research facilities, and web and cloud service providers.

Company details

Company typeScaleup
IndustryInformation Technology & Services
Company size501 - 1000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Overview:

This is an incredible opportunity to be part of a company that has been at the forefront of AI and high-performance data storage innovation for over two decades. DataDirect Networks (DDN) is a global market leader renowned for powering many of the world's most demanding AI data centers, in industries ranging from life sciences and healthcare to financial services, autonomous cars, Government, academia, research and manufacturing.

  

"DDN's A3I solutions are transforming the landscape of AI infrastructure." – IDC 

 

“The real differentiator is DDN. I never hesitate to recommend DDN. DDN is the de facto name for AI Storage in high performance environments” - Marc Hamilton, VP, Solutions Architecture & Engineering | NVIDIA 

  

DDN is the global leader in AI and multi-cloud data management at scale. Our cutting-edge data intelligence platform is designed to accelerate AI workloads, enabling organizations to extract maximum value from their data. With a proven track record of performance, reliability, and scalability, DDN empowers businesses to tackle the most challenging AI and data-intensive workloads with confidence. 

  

Our success is driven by our unwavering commitment to innovation, customer-centricity, and a team of passionate professionals who bring their expertise and dedication to every project. This is a chance to make a significant impact at a company that is shaping the future of AI and data management. 

  

Our commitment to innovation, customer success, and market leadership makes this an exciting and rewarding role for a driven professional looking to make a lasting impact in the world of AI and data storage. 

Job Description:

DDN is seeking a highly accomplished Principal Engineer – Security Architecture to define and drive the security strategy for next-generation distributed storage platforms spanning S3-compatible object storage, POSIX-compliant file systems, and KV cache–based data services. This role is responsible for architecting secure-by-design systems across the data path, control plane, and ecosystem/protocol layers that power high-performance, multi-tenant, AI-driven infrastructure at massive scale.

 

As a senior technical leader, you will partner closely with storage architects, protocol engineers, platform teams, and security stakeholders to embed advanced security principles into every layer of the platform lifecycle. You will influence long-term architectural direction, establish foundational security standards, and guide implementation across globally distributed engineering organizations.

 

The ideal candidate combines deep expertise in distributed systems security, cryptography, identity and access management, multi-tenant architectures, and infrastructure security with the ability to drive cross-functional technical strategy and execution.

 

Key Responsibilities

  • Define and lead the long-term security architecture strategy for distributed storage platforms, including S3-compatible object storage, POSIX/NFS file systems, and KV cache–based data services.
  • Establish security architecture standards and secure-by-design principles across data path, control plane, orchestration, and protocol layers.
  • Partner with Data Path engineering teams to secure high-performance data movement across storage tiers, including encryption, integrity verification, secure I/O handling, and low-latency protection mechanisms.
  • Drive security architecture reviews, threat modeling, and Secure Software Development Lifecycle (SSDLC) practices across platform engineering initiatives.
  • Architect enterprise-grade Identity and Access Management (IAM) frameworks integrating LDAP, Active Directory, OIDC, Keycloak, SSO, MFA, federation, and delegated authorization models.
  • Design and govern fine-grained authorization systems leveraging RBAC, ABAC, metadata-aware policy enforcement, and tenant-scoped access controls.
  • Define scalable multi-tenant isolation architectures across namespaces, encryption boundaries, policies, quotas, and workload segregation domains while enforcing least privilege principles.
  • Collaborate with Control Plane engineering teams to design secure APIs, authentication workflows, policy orchestration, tenant lifecycle management, and platform governance controls.
  • Partner with Protocol and Ecosystem teams to secure S3, POSIX/NFS, and related interfaces, including request signing, session security, endpoint hardening, and protocol-level protections.
  • Lead platform-wide encryption and key management strategies for data at rest and in transit, including BYOK, tenant-scoped keys, dataset-level encryption policies, KMIP integration, and external KMS interoperability.
  • Define observability, telemetry, logging, auditing, and anomaly detection strategies to identify abnormal behavior, insider threats, and potential data exfiltration risks.
  • Drive adoption of Zero Trust security principles across distributed systems and infrastructure components.
  • Provide technical leadership, mentorship, and architectural guidance across cross-functional engineering teams, influencing secure implementation practices and platform evolution.
  • Represent security architecture initiatives in executive, customer, compliance, and strategic partner discussions as needed.

 

Required Qualifications

  • Bachelor’s or Master’s degree in Computer Science, Engineering, Cybersecurity, or a related technical field.
  • 12+ years of experience in security architecture, distributed systems security, infrastructure security, or large-scale platform engineering.
  • Proven track record designing and securing large-scale distributed systems, storage platforms, or cloud-native infrastructure.
  • Deep understanding of distributed system architectures, including data path and control plane security models.
  • Extensive expertise in cryptography, encryption frameworks, secure key management systems, and PKI architectures.
  • Strong experience integrating external KMS platforms using KMIP or equivalent protocols.
  • Advanced knowledge of IAM frameworks, including RBAC, ABAC, SSO, MFA, federation, delegated authorization, and policy-driven access control systems.
  • Experience integrating enterprise identity providers such as LDAP, Active Directory, OIDC, and SAML-based systems.
  • Expertise in secure API design, TLS 1.3, mutual TLS, request signing mechanisms (e.g., SigV4), and service-to-service authentication models.
  • Experience designing secure multi-tenant platforms with strong isolation, governance, and policy enforcement mechanisms.
  • Strong understanding of security observability, logging, auditability, SIEM integration, and compliance-driven monitoring architectures.
  • Demonstrated ability to influence technical direction and drive cross-functional architectural initiatives across engineering organizations.

 

Preferred Qualifications

  • Experience securing S3-compatible object storage, POSIX/NFS file systems, or high-performance distributed storage environments.
  • Familiarity with AI/ML infrastructure security, KV cache architectures, memory tiering systems, and GPU-centric distributed environments.
  • Experience integrating and managing security solutions across large-scale infrastructure platforms, including cloud, network, and application security domains.
  • Hands-on experience with BYOK architectures, tenant-scoped key management, and cryptographic isolation models.
  • Experience implementing ABAC using metadata classification, tagging, and contextual policy evaluation.
  • Strong background in Zero Trust architecture and distributed systems security engineering.
  • Knowledge of secure deletion techniques, including cryptographic erasure and secure lifecycle management.
  • Familiarity with compliance frameworks such as SOC 2, ISO 27001, NIST, FedRAMP, and enterprise security governance standards.
  • Experience designing security controls for high-throughput, low-latency distributed systems.
  • Familiarity with anomaly detection, behavioral analytics, and advanced security telemetry platforms.
  • Experience with Linux systems, scripting, automation, DevSecOps workflows, and infrastructure security tooling.

Salary Range for this role: $250,000 - $315,000

DDN:

Join our dynamic and driven team, where engineering excellence is at the heart of everything we do. We seek individuals who love to challenge themselves and are fueled by curiosity. Here, you'll have the opportunity to work across various areas of the company, thanks to our flat organizational structure that encourages hands-on involvement and direct contributions to our mission. Leadership is earned by those who take initiative and consistently deliver outstanding results, both in their work ethic and deliverables, making strong prioritization skills essential. Additionally, we value strong communication skills in all our engineers and researchers, as they are crucial for the success of our teams and the company as a whole.

 

Interview Process: After submitting your application, one of our recruiters will review your resume. If your application passes this stage, you will be invited to a 30-minute interview during which a member of our team will ask some basic questions. If you clear the interview, you will enter the main process, which can consist of up to four interviews in total:

 

  • Coding assessment: Often in a language of your choice.
  • Systems design: Translate high-level requirements into a scalable, fault-tolerant service (depending on role).
  • Real-time problem-solving: Demonstrate practical skills in a live problem-solving session.
  • Meet and greet with the wider team.
  • Our goal is to finish the main process in 2-3 weeks at most.

 

DataDirect Networks (DDN) is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, gender expression, transgender, sex stereotyping, sexual orientation, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.

 

#LI-Remote

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Security Engineer Related jobs

Other jobs at DDN Storage

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.