
Staff Security Engineer
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Spearhead the design and execution of comprehensive security architecture for distributed storage solutions, encompassing S3-compatible systems, POSIX-compliant file systems, and KV cache-based data services.
• Collaborate closely with Data Path engineering teams to guarantee secure, high-performance data transfer across storage tiers, which includes encryption, integrity validation, and secure I/O management.
• Oversee threat modeling, security assessments, and Secure Software Development Lifecycle (SSDLC) practices throughout the platform.
• Establish identity and access management (IAM) by integrating enterprise identity providers such as LDAP, Active Directory, OIDC, and Keycloak, facilitating SSO, MFA, and federation.
• Design fine-grained authorization models utilizing RBAC and ABAC across tenants, datasets, and resources.
• Create mechanisms for multi-tenant isolation across namespaces, policies, encryption boundaries, and resource quotas, ensuring least privilege and segregation of duties.
• Work together with Control Plane teams to define secure APIs, authentication and authorization processes, policy enforcement, and tenant lifecycle management.
• Collaborate with Protocol and Ecosystem teams to secure S3 and POSIX/NFS interfaces, focusing on request signing, session management, and endpoint security.
• Establish and enforce encryption strategies for data both at rest and in transit, including tenant-specific keys and dataset-level encryption policies.
• Lead the development of observability and monitoring strategies to identify anomalous behavior, irregular access patterns, and potential data exfiltration across the platform.
• Provide technical leadership and mentorship to cross-functional engineering teams, promoting secure design and implementation methodologies.
• Bachelor’s or Master’s degree in Computer Science, Engineering, or a related discipline.
• 12+ years of experience in security architecture, infrastructure security, or distributed systems.
• Demonstrated experience in designing security for large-scale distributed systems or storage platforms.
• Strong grasp of data path versus control plane architectures and their security implications.
• Extensive expertise in encryption technologies, key management systems, and cryptographic frameworks.
• Experience in integrating with external KMS solutions utilizing KMIP or similar protocols.
• Comprehensive knowledge of identity and access management (IAM), including RBAC, ABAC, SSO, MFA, and federation.
• Experience with enterprise identity providers such as LDAP, Active Directory, and OIDC.
• Familiarity with secure API design, TLS 1.3, mutual TLS, and request signing methods (e.g., SigV4).
• Experience in designing multi-tenant systems with robust isolation and policy enforcement.
• Knowledge of logging, auditing, and SIEM integration for security monitoring and compliance.
• Capability to collaborate efficiently with protocol, storage, and platform engineering teams.
• Competitive salary
• Flexible working hours
• Professional development budget
• Home office setup allowance
• Global team events