Staff Security Engineer

Staff Security Engineer

Job Locations


US-CA-San Francisco - Remote | US-NC-Raleigh

Job ID


2026-5740

Name Linked

Remote: San Francisco, CA

Country

United States

City

San Francisco - Remote

Worker Type


Regular Full-Time Employee

Posting Location : State/Province

CA

Overview

This is an incredible opportunity to be part of a company that has been at the forefront of AI and high-performance data storage innovation for over two decades. DataDirect Networks (DDN) is a global market leader renowned for powering many of the world's most demanding AI data centers, in industries ranging from life sciences and healthcare to financial services, autonomous cars, Government, academia, research and manufacturing.

"DDN's A3I solutions are transforming the landscape of AI infrastructure." - IDC

"The real differentiator is DDN. I never hesitate to recommend DDN. DDN is the de facto name for AI Storage in high performance environments" - Marc Hamilton, VP, Solutions Architecture & Engineering | NVIDIA

DDN is the global leader in AI and multi-cloud data management at scale. Our cutting-edge data intelligence platform is designed to accelerate AI workloads, enabling organizations to extract maximum value from their data. With a proven track record of performance, reliability, and scalability, DDN empowers businesses to tackle the most challenging AI and data-intensive workloads with confidence.

Our success is driven by our unwavering commitment to innovation, customer-centricity, and a team of passionate professionals who bring their expertise and dedication to every project. This is a chance to make a significant impact at a company that is shaping the future of AI and data management.

Our commitment to innovation, customer success, and market leadership makes this an exciting and rewarding role for a driven professional looking to make a lasting impact in the world of AI and data storage.

Job Description

DDN is seeking a highly experienced Sr. Staff Security Architect to lead the design and implementation of end-to-end security architecture across distributed storage platforms, including S3-compatible systems, POSIX-compliant file systems, and KV cache-based data services. This is an architecture role focused on working closely with engineering teams across the data path, control plane, and ecosystem/protocol domains to ensure security is deeply embedded across all layers of the platform. You will collaborate with protocol teams, storage engineers, and platform architects to define secure-by-design systems that support high-performance, multi-tenant, and AI-driven workloads. The ideal candidate brings deep expertise in distributed systems security, cryptography, identity frameworks, and storage architectures, with a strong ability to influence engineering design and guide implementation at scale.

Key Responsibilities

Lead the design and implementation of end-to-end security architecture for distributed storage platforms, including S3-compatible systems, POSIX-compliant file systems, and KV cache-based data services.
• Partner closely with Data Path engineering teams to ensure secure, high-performance data movement across storage tiers, including encryption, integrity validation, and secure I/O handling.
• Lead threat modeling, security reviews, and Secure Software Development Lifecycle (SSDLC) practices across the platform.
• Define identity and access management (IAM) integrating enterprise identity providers such as LDAP, Active Directory, OIDC, and Keycloak, supporting SSO, MFA, and federation.
• Architect fine-grained authorization models using RBAC and ABAC across tenants, datasets, and resources.
• Design multi-tenant isolation mechanisms across namespaces, policies, encryption boundaries, and resource quotas, enforcing least privilege and segregation of duties.
• Collaborate with Control Plane teams to define secure APIs, authentication and authorization workflows, policy enforcement, and tenant lifecycle management.
• Work with Protocol and Ecosystem teams to secure S3 and POSIX/NFS interfaces, including request signing, session management, and endpoint security.
• Define and enforce encryption strategies for data at rest and in transit, including tenant-specific keys and dataset-level encryption policies. .
• Drive observability and monitoring strategies to detect anomalous behavior, abnormal access patterns, and potential data exfiltration across the platform.
• Provide technical leadership and mentorship across cross-functional engineering teams, guiding secure design and implementation practices.

Required Qualifications

• Bachelor's or Master's degree in Computer Science, Engineering, or a related field.
• 12+ years of experience in security architecture, infrastructure security, or distributed systems.
• Proven experience designing security for large-scale distributed systems or storage platforms.
• Strong understanding of data path vs. control plane architectures and their security implications.
• Deep expertise in encryption technologies, key management systems, and cryptographic frameworks.
• Experience integrating with external KMS solutions using KMIP or similar protocols.
• Strong knowledge of identity and access management (IAM), including RBAC, ABAC, SSO, MFA, and federation.
• Experience working with enterprise identity providers such as LDAP, Active Directory, and OIDC.
• Familiarity with secure API design, TLS 1.3, mutual TLS, and request signing mechanisms (e.g., SigV4).
• Experience designing multi-tenant systems with strong isolation and policy enforcement.
• Knowledge of logging, auditing, and SIEM integration for security monitoring and compliance.
• Ability to collaborate effectively with protocol, storage, and platform engineering teams.

Preferred Skills

• Experience working with S3, POSIX/NFS, or similar storage protocols from a security architecture perspective.
• Familiarity with KV cache systems, memory tiering, or AI/ML data infrastructure security considerations.
• Hands-on experience with BYOK models and tenant-scoped key management.
• Experience implementing ABAC using metadata, tags, and classification attributes.
• Background in zero trust architecture and distributed system security design.
• Experience with secure deletion techniques, including cryptographic erasure.
• Knowledge of compliance frameworks such as SOC 2, ISO 27001, NIST, or FedRAMP.
• Experience designing security for high-performance, low-latency distributed systems.
• Familiarity with anomaly detection, security analytics, and alerting systems.

What You'll Work On

• Defining and driving security architecture across data path, control plane, and protocol layers of distributed storage systems
• Partnering with engineering teams to embed security into S3, POSIX, and KV cache data services
• Building scalable encryption, identity, and access control frameworks for multi-tenant environments
• Strengthening tenant isolation, auditability, and compliance across the platform
• Ensuring secure integration across ecosystem components and external services
• Leading cross-team security initiatives that influence system design, implementation, and long-term platform evolution

Salary Range for this role: $215,000 - $265,000

DDN

Join our dynamic and driven team, where engineering excellence is at the heart of everything we do. We seek individuals who love to challenge themselves and are fueled by curiosity. Here, you'll have the opportunity to work across various areas of the company, thanks to our flat organizational structure that encourages hands-on involvement and direct contributions to our mission. Leadership is earned by those who take initiative and consistently deliver outstanding results, both in their work ethic and deliverables, making strong prioritization skills essential. Additionally, we value strong communication skills in all our engineers and researchers, as they are crucial for the success of our teams and the company as a whole.

Interview Process: After submitting your application, one of our recruiters will review your resume. If your application passes this stage, you will be invited to a 30-minute interview during which a member of our team will ask some basic questions. If you clear the interview, you will enter the main process, which can consist of up to four interviews in total:

• Coding assessment: Often in a language of your choice.
• Systems design: Translate high-level requirements into a scalable, fault-tolerant service (depending on role).
• Real-time problem-solving: Demonstrate practical skills in a live problem-solving session.
• Meet and greet with the wider team.
• Our goal is to finish the main process in 2-3 weeks at most.

DataDirect Networks (DDN) is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, gender expression, transgender, sex stereotyping, sexual orientation, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.

#LI-Remote