Principal Engineer – Security Architecture

DDN

Principal Engineer driving security strategy for next-gen storage platforms at DDN. Leading architecture initiatives and collaborating with cross-functional teams to ensure secure systems.

Posted 5/26/2026 | full-time | San Francisco • California, North Carolina • 🇺🇸 United States | Lead | 💰 $250,000 - $315,000 per year

Tech Stack

Tools & technologies
Cloud, Cyber Security, Distributed Systems, NFS

About the role

Key responsibilities & impact
  • Define and lead the long-term security architecture strategy for distributed storage platforms, including S3-compatible object storage, POSIX/NFS file systems, and KV cache–based data services.
  • Establish security architecture standards and secure-by-design principles across data path, control plane, orchestration, and protocol layers.
  • Partner with Data Path engineering teams to secure high-performance data movement across storage tiers, including encryption, integrity verification, secure I/O handling, and low-latency protection mechanisms.
  • Drive security architecture reviews, threat modeling, and Secure Software Development Lifecycle (SSDLC) practices across platform engineering initiatives.
  • Architect enterprise-grade Identity and Access Management (IAM) frameworks integrating LDAP, Active Directory, OIDC, Keycloak, SSO, MFA, federation, and delegated authorization models.
  • Design and govern fine-grained authorization systems leveraging RBAC, ABAC, metadata-aware policy enforcement, and tenant-scoped access controls.
  • Define scalable multi-tenant isolation architectures across namespaces, encryption boundaries, policies, quotas, and workload segregation domains while enforcing least privilege principles.
  • Collaborate with Control Plane engineering teams to design secure APIs, authentication workflows, policy orchestration, tenant lifecycle management, and platform governance controls.
  • Partner with Protocol and Ecosystem teams to secure S3, POSIX/NFS, and related interfaces, including request signing, session security, endpoint hardening, and protocol-level protections.
  • Lead platform-wide encryption and key management strategies for data at rest and in transit, including BYOK, tenant-scoped keys, dataset-level encryption policies, KMIP integration, and external KMS interoperability.
  • Define observability, telemetry, logging, auditing, and anomaly detection strategies to identify abnormal behavior, insider threats, and potential data exfiltration risks.
  • Drive adoption of Zero Trust security principles across distributed systems and infrastructure components.
  • Provide technical leadership, mentorship, and architectural guidance across cross-functional engineering teams, influencing secure implementation practices and platform evolution.
  • Represent security architecture initiatives in executive, customer, compliance, and strategic partner discussions as needed.

Requirements

What you’ll need
  • Bachelor’s or Master’s degree in Computer Science, Engineering, Cybersecurity, or a related technical field.
  • 12+ years of experience in security architecture, distributed systems security, infrastructure security, or large-scale platform engineering.
  • Proven track record designing and securing large-scale distributed systems, storage platforms, or cloud-native infrastructure.
  • Deep understanding of distributed system architectures, including data path and control plane security models.
  • Extensive expertise in cryptography, encryption frameworks, secure key management systems, and PKI architectures.
  • Strong experience integrating external KMS platforms using KMIP or equivalent protocols.
  • Advanced knowledge of IAM frameworks, including RBAC, ABAC, SSO, MFA, federation, delegated authorization, and policy-driven access control systems.
  • Experience integrating enterprise identity providers such as LDAP, Active Directory, OIDC, and SAML-based systems.
  • Expertise in secure API design, TLS 1.3, mutual TLS, request signing mechanisms (e.g., SigV4), and service-to-service authentication models.
  • Experience designing secure multi-tenant platforms with strong isolation, governance, and policy enforcement mechanisms.
  • Strong understanding of security observability, logging, auditability, SIEM integration, and compliance-driven monitoring architectures.
  • Demonstrated ability to influence technical direction and drive cross-functional architectural initiatives across engineering organizations.

Benefits

Comp & perks
  • Health insurance
  • 401(k) matching
  • Flexible work hours
  • Paid time off
  • Remote work options
