← Back to all jobs
DDN

Staff Security Engineer

DDN

12h ago

0DevUnited Stateshimalayas
Security-ArchitectureInfrastructure-SecurityInformation-SecurityStorage-SecurityCloud-SecuritySenior

Job Description

OverviewThis is an incredible opportunity to be part of a company that has been at the forefront of AI and high-performance data storage innovation for over two decades. DataDirect Networks (DDN) is a global market leader renowned for powering many of the world's most demanding AI data centers, in industries ranging from life sciences and healthcare to financial services, autonomous cars, Government, academia, research and manufacturing.  "DDN's A3I solutions are transforming the landscape of AI infrastructure." – IDC “The real differentiator is DDN. I never hesitate to recommend DDN. DDN is the de facto name for AI Storage in high performance environments” - Marc Hamilton, VP, Solutions Architecture & Engineering | NVIDIA  DDN is the global leader in AI and multi-cloud data management at scale. Our cutting-edge data intelligence platform is designed to accelerate AI workloads, enabling organizations to extract maximum value from their data. With a proven track record of performance, reliability, and scalability, DDN empowers businesses to tackle the most challenging AI and data-intensive workloads with confidence.   Our success is driven by our unwavering commitment to innovation, customer-centricity, and a team of passionate professionals who bring their expertise and dedication to every project. This is a chance to make a significant impact at a company that is shaping the future of AI and data management.   Our commitment to innovation, customer success, and market leadership makes this an exciting and rewarding role for a driven professional looking to make a lasting impact in the world of AI and data storage. Job DescriptionDDDN is seeking a highly experienced Sr. Staff Security Architect to lead the design and implementation of end-to-end security architecture across distributed storage platforms, including S3-compatible systems, POSIX-compliant file systems, and KV cache–based data services. This is an architecture role focused on working closely with engineering teams across the data path, control plane, and ecosystem/protocol domains to ensure security is deeply embedded across all layers of the platform. You will collaborate with protocol teams, storage engineers, and platform architects to define secure-by-design systems that support high-performance, multi-tenant, and AI-driven workloads. The ideal candidate brings deep expertise in distributed systems security, cryptography, identity frameworks, and storage architectures, with a strong ability to influence engineering design and guide implementation at scale.Key ResponsibilitiesLead the design and implementation of end-to-end security architecture for distributed storage platforms, including S3-compatible systems, POSIX-compliant file systems, and KV cache–based data services.Partner closely with Data Path engineering teams to ensure secure, high-performance data movement across storage tiers, including encryption, integrity validation, and secure I/O handling.Lead threat modeling, security reviews, and Secure Software Development Lifecycle (SSDLC) practices across the platform.Define identity and access management (IAM) integrating enterprise identity providers such as LDAP, Active Directory, OIDC, and Keycloak, supporting SSO, MFA, and federation.Architect fine-grained authorization models using RBAC and ABAC across tenants, datasets, and resources.Design multi-tenant isolation mechanisms across namespaces, policies, encryption boundaries, and resource quotas, enforcing least privilege and segregation of duties.Collaborate with Control Plane teams to define secure APIs, authentication and authorization workflows, policy enforcement, and tenant lifecycle management.Work with Protocol and Ecosystem teams to secure S3 and POSIX/NFS interfaces, including request signing, session management, and endpoint security.Define and enforce encryption strategies for data at rest and in transit, including tenant-specific keys and dataset-level encryption policies. .Drive observability and monitoring strategies to detect anomalous behavior, abnormal access patterns, and potential data exfiltration across the platform.Provide technical leadership and mentorship across cross-functional engineering teams, guiding secure design and implementation practices.Required QualificationsBachelor’s or Master’s degree in Computer Science, Engineering, or a related field.12+ years of experience in security architecture, infrastructure security, or distributed systems.Proven experience designing security for large-scale distributed systems or storage platforms.Strong understanding of data path vs. control plane architectures and their security implications.Deep expertise in encryption technologies, key management systems, and cryptographic frameworks.Experience integrating with external KMS solutions using KMIP or similar protocols.Strong knowledge of identity and access management (IAM), including RBAC, ABAC, SSO, MFA, and federation.Experience working with enterprise ide