Principal Engineer - Security Architecture

Principal Engineer – Security Architecture

DDN is seeking a highly accomplished Principal Engineer – Security Architecture to define and drive the security strategy for next-generation distributed storage platforms spanning S3-compatible object storage, POSIX-compliant file systems, and KV cache–based data services. This role is responsible for architecting secure-by-design systems across the data path, control plane, and ecosystem/protocol layers that power high-performance, multi-tenant, AI-driven infrastructure at massive scale.

As a senior technical leader, you will partner closely with storage architects, protocol engineers, platform teams, and security stakeholders to embed advanced security principles into every layer of the platform lifecycle. You will influence long-term architectural direction, establish foundational security standards, and guide implementation across globally distributed engineering organizations.

The ideal candidate combines deep expertise in distributed systems security, cryptography, identity and access management, multi-tenant architectures, and infrastructure security with the ability to drive cross-functional technical strategy and execution.

Key Responsibilities

• Define and lead the long-term security architecture strategy for distributed storage platforms, including S3-compatible object storage, POSIX/NFS file systems, and KV cache–based data services.
• Establish security architecture standards and secure-by-design principles across data path, control plane, orchestration, and protocol layers.
• Partner with Data Path engineering teams to secure high-performance data movement across storage tiers, including encryption, integrity verification, secure I/O handling, and low-latency protection mechanisms.
• Drive security architecture reviews, threat modeling, and Secure Software Development Lifecycle (SSDLC) practices across platform engineering initiatives.
• Architect enterprise-grade Identity and Access Management (IAM) frameworks integrating LDAP, Active Directory, OIDC, Keycloak, SSO, MFA, federation, and delegated authorization models.
• Design and govern fine-grained authorization systems leveraging RBAC, ABAC, metadata-aware policy enforcement, and tenant-scoped access controls.
• Define scalable multi-tenant isolation architectures across namespaces, encryption boundaries, policies, quotas, and workload segregation domains while enforcing least privilege principles.
• Collaborate with Control Plane engineering teams to design secure APIs, authentication workflows, policy orchestration, tenant lifecycle management, and platform governance controls.
• Partner with Protocol and Ecosystem teams to secure S3, POSIX/NFS, and related interfaces, including request signing, session security, endpoint hardening, and protocol-level protections.
• Lead platform-wide encryption and key management strategies for data at rest and in transit, including BYOK, tenant-scoped keys, dataset-level encryption policies, KMIP integration, and external KMS interoperability.
• Define observability, telemetry, logging, auditing, and anomaly detection strategies to identify abnormal behavior, insider threats, and potential data exfiltration risks.
• Drive adoption of Zero Trust security principles across distributed systems and infrastructure components.
• Provide technical leadership, mentorship, and architectural guidance across cross-functional engineering teams, influencing secure implementation practices and platform evolution.
• Represent security architecture initiatives in executive, customer, compliance, and strategic partner discussions as needed.

Required Qualifications

• Bachelor's or Master's degree in Computer Science, Engineering, Cybersecurity, or a related technical field.
• 12+ years of experience in security architecture, distributed systems security, infrastructure security, or large-scale platform engineering.
• Proven track record designing and securing large-scale distributed systems, storage platforms, or cloud-native infrastructure.
• Deep understanding of distributed system architectures, including data path and control plane security models.
• Extensive expertise in cryptography, encryption frameworks, secure key management systems, and PKI architectures.
• Strong experience integrating external KMS platforms using KMIP or equivalent protocols.
• Advanced knowledge of IAM frameworks, including RBAC, ABAC, SSO, MFA, federation, delegated authorization, and policy-driven access control systems.
• Experience integrating enterprise identity providers such as LDAP, Active Directory, OIDC, and SAML-based systems.
• Expertise in secure API design, TLS 1.3, mutual TLS, request signing mechanisms (e.g., SigV4), and service-to-service authentication models.
• Experience designing secure multi-tenant platforms with strong isolation, governance, and policy enforcement mechanisms.
• Strong understanding of security observability, logging, auditability, SIEM integration, and compliance-driven monitoring architectures.
• Demonstrated ability to influence technical direction and drive cross-functional architectural initiatives across engineering organizations.

Preferred Qualifications

• Experience securing S3-compatible object storage, POSIX/NFS file systems, or high-performance distributed storage environments.
• Familiarity with AI/ML infrastructure security, KV cache architectures, memory tiering systems, and GPU-centric distributed environments.
• Experience integrating and managing security solutions across large-scale infrastructure platforms, including cloud, network, and application security domains.
• Hands-on experience with BYOK architectures, tenant-scoped key management, and cryptographic isolation models.
• Experience implementing ABAC using metadata classification, tagging, and contextual policy evaluation.
• Strong background in Zero Trust architecture and distributed systems security engineering.
• Knowledge of secure deletion techniques, including cryptographic erasure and secure lifecycle management.
• Familiarity with compliance frameworks such as SOC 2, ISO 27001, NIST, FedRAMP, and enterprise security governance standards.
• Experience designing security controls for high-throughput, low-latency distributed systems.
• Familiarity with anomaly detection, behavioral analytics, and advanced security telemetry platforms.
• Experience with Linux systems, scripting, automation, DevSecOps workflows, and infrastructure security tooling.

Salary Range for this role: $250,000 - $315,000