Pure Storage
Senior Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Pure Storage
Pure Storage is a prominent provider of all-flash data storage solutions designed for enterprise environments. Founded in 2009 and headquartered in Santa Clara, California, the company focuses on helping organizations manage and protect their data across both on-premises and cloud settings. Its innovative products include FlashArray for block storage, FlashBlade for unstructured data, and a range of software solutions like Purity Operating Software and Portworx for Kubernetes environments. The company is known for its Evergreen architecture, which allows customers to upgrade their storage systems seamlessly without disruptive migrations. Pure Storage serves over 12,500 customers globally, including a significant portion of Fortune 500 companies, and has expanded its offerings to support high-performance storage needs for artificial intelligence workloads. With a strong financial performance, reporting $3.2 billion in revenue for fiscal year 2025, Pure Storage continues to lead in the enterprise data storage market.
Security at Pure Storage
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Pure Storage adopts a "Security by Design"approach, integrating security throughout the Software Development Life Cycle (SDLC).
- This includes practices like "Threat Modeling"and "Peer Code Reviews".
- The company also emphasizes continuous security testing.
Security Team
The Pure Storage Global Information Security Office (GISO) prepares security documents. Rick Orloff is the VP, Chief Information Security Officer. Bala Kannan is identified as the Director of Product Security at Pure Storage. Information regarding the explicit AppSec organizational model, reporting chains beyond CISO-level references, and team size count is not publicly available from the searched sources. While career pages exist, specific active AppSec headcount and detailed org-structure evidence were not found.
Key Initiatives
Pure Storage integrates security throughout the SDLC, including "Threat Modeling"and "Peer Code Reviews". They conduct continuous security testing using "DAST, open source scanning (SCA), vulnerability assessment tools, and penetration testing". The company has a "Vulnerability Reporting and Disclosure Policy", with CVE publication "typically 90 days after a fix is made available". Operational controls include "AES-256 encryption at rest", "TLS 1.3 for all management and data plane traffic", and "SafeMode prevents any snapshot or retention policy from being modified". They also integrate with "SIEM and Security Operations Centers (SOCs)"and utilize "SOAR orchestration via API", where "Snapshot creation and rollback can be triggered automatically when a threat is detected". Information on explicit Security Champions program details or detailed vulnerability triage SLAs beyond the 90-day disclosure timeline is not publicly available.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.