Staff Security Engineer

Overview This is an incredible opportunity to be part of a company that has been at the forefront of AI and high-performance data storage innovation for over two decades. DataDirect Networks (DDN) is a global market leader renowned for powering many of the world's most demanding AI data centers, in industries ranging from life sciences and healthcare to financial services, autonomous cars, Government, academia, research and manufacturing. DDN is the global leader in AI and multi-cloud data management at scale. Our cutting-edge data intelligence platform is designed to accelerate AI workloads, enabling organizations to extract maximum value from their data. With a proven track record of performance, reliability, and scalability, DDN empowers businesses to tackle the most challenging AI and data-intensive workloads with confidence. This is a chance to make a significant impact at a company that is shaping the future of AI and data management. Our commitment to innovation, customer success, and market leadership makes this an exciting and rewarding role for a driven professional looking to make a lasting impact in the world of AI and data storage. "DDN's A3I solutions are transforming the landscape of AI infrastructure." – IDC "The real differentiator is DDN. I never hesitate to recommend DDN. DDN is the de facto name for AI Storage in high performance environments" – Marc Hamilton, VP, Solutions Architecture & Engineering | NVIDIA DDN is seeking a highly experienced Sr. Staff Security Architect to lead the design and implementation of end-to-end security architecture across distributed storage platforms, including S3-compatible systems, POSIX-compliant file systems, and KV cache–based data services. This is an architecture role focused on working closely with engineering teams across the data path, control plane, and ecosystem/protocol domains to ensure security is deeply embedded across all layers of the platform. You will collaborate with protocol teams, storage engineers, and platform architects to define secure-by-design systems that support high-performance, multi-tenant, and AI-driven workloads. The ideal candidate brings deep expertise in distributed systems security, cryptography, identity frameworks, and storage architectures, with a strong ability to influence engineering design and guide implementation at scale. Key Responsibilities Lead the design and implementation of end-to-end security architecture for distributed storage platforms, including S3-compatible systems, POSIX-compliant file systems, and KV cache–based data services. Partner closely with Data Path engineering teams to ensure secure, high-performance data movement across storage tiers, including encryption, integrity validation, and secure I/O handling. Lead threat modeling, security reviews, and Secure Software Development Lifecycle (SSDLC) practices across the platform. Define identity and access management (IAM) integrating enterprise identity providers such as LDAP, Active Directory, OIDC, and Keycloak, supporting SSO, MFA, and federation. Architect fine‑grained authorization models using RBAC and ABAC across tenants, datasets, and resources. Design multi‑tenant isolation mechanisms across namespaces, policies, encryption boundaries, and resource quotas, enforcing least privilege and segregation of duties. Collaborate with Control Plane teams to define secure APIs, authentication and authorization workflows, policy enforcement, and tenant lifecycle management. Work with Protocol and Ecosystem teams to secure S3 and POSIX/NFS interfaces, including request signing, session management, and endpoint security. Define and enforce encryption strategies for data at rest and in transit, including tenant‑specific keys and dataset‑level encryption policies. Drive observability and monitoring strategies to detect anomalous behavior, abnormal access patterns, and potential data exfiltration across the platform. Provide technical leadership and mentorship across cross‑functional engineering teams, guiding secure design and implementation practices. Required Qualifications Bachelor’s or Master’s degree in Computer Science, Engineering, or a related field. 12+ years of experience in security architecture, infrastructure security, or distributed systems. Proven experience designing security for large‑scale distributed systems or storage platforms. Strong understanding of data path vs. control plane architectures and their security implications. Deep expertise in encryption technologies, key management systems, and cryptographic frameworks. Experience integrating with external KMS solutions using KMIP or similar protocols. Strong knowledge of identity and access management (IAM), including RBAC, ABAC, SSO, MFA, and federation. Experience working with enterprise identity providers such as LDAP, Active Directory, and OIDC. Familiarity with secure API design, TLS 1.3, mutual TLS, and request signing mechanisms (e.g., SigV4). Experience designing multi‑tenant systems with strong isolation and policy enforcement. Knowledge of logging, auditing, and SIEM integration for security monitoring and compliance. Ability to collaborate effectively with protocol, storage, and platform engineering teams. Preferred Skills Experience working with S3, POSIX/NFS, or similar storage protocols from a security architecture perspective. Familiarity with KV cache systems, memory tiering, or AI/ML data infrastructure security considerations. Hands‑on experience with BYOK models and tenant‑scoped key management. Experience implementing ABAC using metadata, tags, and classification attributes. Background in zero trust architecture and distributed system security design. Experience with secure deletion techniques, including cryptographic erasure. Knowledge of compliance frameworks such as SOC 2, ISO 27001, NIST, or FedRAMP. Experience designing security for high‑performance, low‑latency distributed systems. Familiarity with anomaly detection, security analytics, and alerting systems. What You’ll Work On Defining and driving security architecture across data path, control plane, and protocol layers of distributed storage systems Partnering with engineering teams to embed security into S3, POSIX, and KV cache data services Building scalable encryption, identity, and access control frameworks for multi‑tenant environments Strengthening tenant isolation, auditability, and compliance across the platform Ensuring secure integration across ecosystem components and external services Leading cross‑team security initiatives that influence system design, implementation, and long‑term platform evolution DataDirect Networks (DDN) is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, gender expression, transgender, sex stereotyping, sexual orientation, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law. #LI-Remote #J-18808-Ljbffr