DataDirect Networks (DDN) is a global market leader in AI and high-performance data storage innovation. The company is seeking a highly accomplished Principal Engineer – Security Architecture to define and drive the security strategy for next-generation distributed storage platforms, ensuring secure-by-design systems across various layers of the infrastructure.
Responsibilities:
- Define and lead the long-term security architecture strategy for distributed storage platforms, including S3-compatible object storage, POSIX/NFS file systems, and KV cache–based data services
- Establish security architecture standards and secure-by-design principles across data path, control plane, orchestration, and protocol layers
- Partner with Data Path engineering teams to secure high-performance data movement across storage tiers, including encryption, integrity verification, secure I/O handling, and low-latency protection mechanisms
- Drive security architecture reviews, threat modeling, and Secure Software Development Lifecycle (SSDLC) practices across platform engineering initiatives
- Architect enterprise-grade Identity and Access Management (IAM) frameworks integrating LDAP, Active Directory, OIDC, Keycloak, SSO, MFA, federation, and delegated authorization models
- Design and govern fine-grained authorization systems leveraging RBAC, ABAC, metadata-aware policy enforcement, and tenant-scoped access controls
- Define scalable multi-tenant isolation architectures across namespaces, encryption boundaries, policies, quotas, and workload segregation domains while enforcing least privilege principles
- Collaborate with Control Plane engineering teams to design secure APIs, authentication workflows, policy orchestration, tenant lifecycle management, and platform governance controls
- Partner with Protocol and Ecosystem teams to secure S3, POSIX/NFS, and related interfaces, including request signing, session security, endpoint hardening, and protocol-level protections
- Lead platform-wide encryption and key management strategies for data at rest and in transit, including BYOK, tenant-scoped keys, dataset-level encryption policies, KMIP integration, and external KMS interoperability
- Define observability, telemetry, logging, auditing, and anomaly detection strategies to identify abnormal behavior, insider threats, and potential data exfiltration risks
- Drive adoption of Zero Trust security principles across distributed systems and infrastructure components
- Provide technical leadership, mentorship, and architectural guidance across cross-functional engineering teams, influencing secure implementation practices and platform evolution
- Represent security architecture initiatives in executive, customer, compliance, and strategic partner discussions as needed
Requirements:
- Bachelor's or Master's degree in Computer Science, Engineering, Cybersecurity, or a related technical field
- 12+ years of experience in security architecture, distributed systems security, infrastructure security, or large-scale platform engineering
- Proven track record designing and securing large-scale distributed systems, storage platforms, or cloud-native infrastructure
- Deep understanding of distributed system architectures, including data path and control plane security models
- Extensive expertise in cryptography, encryption frameworks, secure key management systems, and PKI architectures
- Strong experience integrating external KMS platforms using KMIP or equivalent protocols
- Advanced knowledge of IAM frameworks, including RBAC, ABAC, SSO, MFA, federation, delegated authorization, and policy-driven access control systems
- Experience integrating enterprise identity providers such as LDAP, Active Directory, OIDC, and SAML-based systems
- Expertise in secure API design, TLS 1.3, mutual TLS, request signing mechanisms (e.g., SigV4), and service-to-service authentication models
- Experience designing secure multi-tenant platforms with strong isolation, governance, and policy enforcement mechanisms
- Strong understanding of security observability, logging, auditability, SIEM integration, and compliance-driven monitoring architectures
- Demonstrated ability to influence technical direction and drive cross-functional architectural initiatives across engineering organizations
- Experience securing S3-compatible object storage, POSIX/NFS file systems, or high-performance distributed storage environments
- Familiarity with AI/ML infrastructure security, KV cache architectures, memory tiering systems, and GPU-centric distributed environments
- Experience integrating and managing security solutions across large-scale infrastructure platforms, including cloud, network, and application security domains
- Hands-on experience with BYOK architectures, tenant-scoped key management, and cryptographic isolation models
- Experience implementing ABAC using metadata classification, tagging, and contextual policy evaluation
- Strong background in Zero Trust architecture and distributed systems security engineering
- Knowledge of secure deletion techniques, including cryptographic erasure and secure lifecycle management
- Familiarity with compliance frameworks such as SOC 2, ISO 27001, NIST, FedRAMP, and enterprise security governance standards
- Experience designing security controls for high-throughput, low-latency distributed systems
- Familiarity with anomaly detection, behavioral analytics, and advanced security telemetry platforms
- Experience with Linux systems, scripting, automation, DevSecOps workflows, and infrastructure security tooling