Principal Engineer - Security Architecture

Principal Engineer - Security Architecture

Job Locations


US-CA-San Francisco - Remote | US-NC-Raleigh

Job ID


2026-5833

Name Linked

Remote: San Francisco, CA

Country

United States

City

San Francisco - Remote

Worker Type


Regular Full-Time Employee

Posting Location : State/Province

CA

Overview

This is an incredible opportunity to be part of a company that has been at the forefront of AI and high-performance data storage innovation for over two decades. DataDirect Networks (DDN) is a global market leader renowned for powering many of the world's most demanding AI data centers, in industries ranging from life sciences and healthcare to financial services, autonomous cars, Government, academia, research and manufacturing.

"DDN's A3I solutions are transforming the landscape of AI infrastructure." - IDC

"The real differentiator is DDN. I never hesitate to recommend DDN. DDN is the de facto name for AI Storage in high performance environments" - Marc Hamilton, VP, Solutions Architecture & Engineering | NVIDIA

DDN is the global leader in AI and multi-cloud data management at scale. Our cutting-edge data intelligence platform is designed to accelerate AI workloads, enabling organizations to extract maximum value from their data. With a proven track record of performance, reliability, and scalability, DDN empowers businesses to tackle the most challenging AI and data-intensive workloads with confidence.

Our success is driven by our unwavering commitment to innovation, customer-centricity, and a team of passionate professionals who bring their expertise and dedication to every project. This is a chance to make a significant impact at a company that is shaping the future of AI and data management.

Our commitment to innovation, customer success, and market leadership makes this an exciting and rewarding role for a driven professional looking to make a lasting impact in the world of AI and data storage.

Job Description

DDN is seeking a highly accomplished Principal Engineer - Security Architecture to define and drive the security strategy for next-generation distributed storage platforms spanning S3-compatible object storage, POSIX-compliant file systems, and KV cache-based data services. This role is responsible for architecting secure-by-design systems across the data path, control plane, and ecosystem/protocol layers that power high-performance, multi-tenant, AI-driven infrastructure at massive scale.

As a senior technical leader, you will partner closely with storage architects, protocol engineers, platform teams, and security stakeholders to embed advanced security principles into every layer of the platform lifecycle. You will influence long-term architectural direction, establish foundational security standards, and guide implementation across globally distributed engineering organizations.

The ideal candidate combines deep expertise in distributed systems security, cryptography, identity and access management, multi-tenant architectures, and infrastructure security with the ability to drive cross-functional technical strategy and execution.

Key Responsibilities

Define and lead the long-term security architecture strategy for distributed storage platforms, including S3-compatible object storage, POSIX/NFS file systems, and KV cache-based data services.
• Establish security architecture standards and secure-by-design principles across data path, control plane, orchestration, and protocol layers.
• Partner with Data Path engineering teams to secure high-performance data movement across storage tiers, including encryption, integrity verification, secure I/O handling, and low-latency protection mechanisms.
• Drive security architecture reviews, threat modeling, and Secure Software Development Lifecycle (SSDLC) practices across platform engineering initiatives.
• Architect enterprise-grade Identity and Access Management (IAM) frameworks integrating LDAP, Active Directory, OIDC, Keycloak, SSO, MFA, federation, and delegated authorization models.
• Design and govern fine-grained authorization systems leveraging RBAC, ABAC, metadata-aware policy enforcement, and tenant-scoped access controls.
• Define scalable multi-tenant isolation architectures across namespaces, encryption boundaries, policies, quotas, and workload segregation domains while enforcing least privilege principles.
• Collaborate with Control Plane engineering teams to design secure APIs, authentication workflows, policy orchestration, tenant lifecycle management, and platform governance controls.
• Partner with Protocol and Ecosystem teams to secure S3, POSIX/NFS, and related interfaces, including request signing, session security, endpoint hardening, and protocol-level protections.
• Lead platform-wide encryption and key management strategies for data at rest and in transit, including BYOK, tenant-scoped keys, dataset-level encryption policies, KMIP integration, and external KMS interoperability.
• Define observability, telemetry, logging, auditing, and anomaly detection strategies to identify abnormal behavior, insider threats, and potential data exfiltration risks.
• Drive adoption of Zero Trust security principles across distributed systems and infrastructure components.
• Provide technical leadership, mentorship, and architectural guidance across cross-functional engineering teams, influencing secure implementation practices and platform evolution.
• Represent security architecture initiatives in executive, customer, compliance, and strategic partner discussions as needed.

Required Qualifications

• Bachelor's or Master's degree in Computer Science, Engineering, Cybersecurity, or a related technical field.
• 12+ years of experience in security architecture, distributed systems security, infrastructure security, or large-scale platform engineering.
• Proven track record designing and securing large-scale distributed systems, storage platforms, or cloud-native infrastructure.
• Deep understanding of distributed system architectures, including data path and control plane security models.
• Extensive expertise in cryptography, encryption frameworks, secure key management systems, and PKI architectures.
• Strong experience integrating external KMS platforms using KMIP or equivalent protocols.
• Advanced knowledge of IAM frameworks, including RBAC, ABAC, SSO, MFA, federation, delegated authorization, and policy-driven access control systems.
• Experience integrating enterprise identity providers such as LDAP, Active Directory, OIDC, and SAML-based systems.
• Expertise in secure API design, TLS 1.3, mutual TLS, request signing mechanisms (e.g., SigV4), and service-to-service authentication models.
• Experience designing secure multi-tenant platforms with strong isolation, governance, and policy enforcement mechanisms.
• Strong understanding of security observability, logging, auditability, SIEM integration, and compliance-driven monitoring architectures.
• Demonstrated ability to influence technical direction and drive cross-functional architectural initiatives across engineering organizations.

Preferred Qualifications

• Experience securing S3-compatible object storage, POSIX/NFS file systems, or high-performance distributed storage environments.
• Familiarity with AI/ML infrastructure security, KV cache architectures, memory tiering systems, and GPU-centric distributed environments.
• Experience integrating and managing security solutions across large-scale infrastructure platforms, including cloud, network, and application security domains.
• Hands-on experience with BYOK architectures, tenant-scoped key management, and cryptographic isolation models.
• Experience implementing ABAC using metadata classification, tagging, and contextual policy evaluation.
• Strong background in Zero Trust architecture and distributed systems security engineering.
• Knowledge of secure deletion techniques, including cryptographic erasure and secure lifecycle management.
• Familiarity with compliance frameworks such as SOC 2, ISO 27001, NIST, FedRAMP, and enterprise security governance standards.
• Experience designing security controls for high-throughput, low-latency distributed systems.
• Familiarity with anomaly detection, behavioral analytics, and advanced security telemetry platforms.
• Experience with Linux systems, scripting, automation, DevSecOps workflows, and infrastructure security tooling.

Salary Range for this role: $250,000 - $315,000

DDN

Join our dynamic and driven team, where engineering excellence is at the heart of everything we do. We seek individuals who love to challenge themselves and are fueled by curiosity. Here, you'll have the opportunity to work across various areas of the company, thanks to our flat organizational structure that encourages hands-on involvement and direct contributions to our mission. Leadership is earned by those who take initiative and consistently deliver outstanding results, both in their work ethic and deliverables, making strong prioritization skills essential. Additionally, we value strong communication skills in all our engineers and researchers, as they are crucial for the success of our teams and the company as a whole.

Interview Process: After submitting your application, one of our recruiters will review your resume. If your application passes this stage, you will be invited to a 30-minute interview during which a member of our team will ask some basic questions. If you clear the interview, you will enter the main process, which can consist of up to four interviews in total:

• Coding assessment: Often in a language of your choice.
• Systems design: Translate high-level requirements into a scalable, fault-tolerant service (depending on role).
• Real-time problem-solving: Demonstrate practical skills in a live problem-solving session.
• Meet and greet with the wider team.
• Our goal is to finish the main process in 2-3 weeks at most.

DataDirect Networks (DDN) is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, gender expression, transgender, sex stereotyping, sexual orientation, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.

#LI-Remote