We’re in an unbelievably exciting area of tech and are fundamentally reshaping the data storage industry. Here, you lead with innovative thinking, grow along with us, and join the smartest team in the industry.

This type of work—work that changes the world—is what the tech industry was founded on. So, if you're ready to seize the endless opportunities and leave your mark, come join us.

THE ROLE

You will help build and operate the core of our Attack Surface Management (ASM) and Secrets Detection program—integrating asset discovery, vulnerability visibility, secrets scanning, and remediation into scalable workflows. Your job is to ensure that we know what we own, and that none of it leaks secrets, tokens, or credentials—at any point in its lifecycle.

You’ll work closely with Security, Infrastructure, DevOps, and Developer Experience teams to:

• Maintain a real-time, trustworthy asset inventory across on-prem, cloud, and SaaS environments
• Build and run secrets detection workflows in source code, CI/CD, and production telemetry
• Create scalable feedback loops to improve posture, reduce false positives, and prioritize by risk

This is not a leadership role, but it is highly cross-functional and operationally impactful.

WHAT YOU'LL DO

• Operate and continuously improve our asset discovery workflows using tools like runZero, CMDBs, and cloud APIs
• Track and tag assets by environment, business owner, and criticality
• Drive visibility into cloud-native, SaaS, and third-party assets
• Support vulnerability intelligence workflows with business context and inventory hygiene
• Deploy, tune, and maintain secrets detection tools (e.g., TruffleHog, GitHub Advanced Security, GitLeaks)
• Build logic to detect, de-duplicate, and route secret-related alerts to the right engineering owners
• Partner with developers to eliminate hardcoded credentials, environment variable leaks, and insecure secrets handling
• Monitor for secrets exposure in logs, S3 buckets, or shared infrastructure/Services
• Integrate secrets scanning into CI/CD workflows
• Correlate asset inventory with Tenable and secrets telemetry to drive prioritization
• Automate triage workflows, false positive suppression, and remediation notifications (e.g., via Jira or ServiceNow)
• Build dashboards and reporting pipelines to measure secrets MTTR, asset coverage, and risk trends
• Contribute to detection content, alert tuning, and posture reporting
• We are primarily an in-office environment and therefore, you will be expected to work from the Santa Clara, CA office in compliance with Pure’s policies, unless you are on PTO, or work travel, or other approved leave.

WHAT YOU BRING

• 5–8 years of experience in security operations, cloud security, or related engineering roles
• Experience operating tools like runZero, TruffleHog, GitLeaks, or similar
• Familiarity with cloud platforms (AWS, GCP, Azure) and modern CI/CD pipelines
• Working knowledge of GitHub, GitLab, and secure code practices
• Solid scripting or automation ability (Python, Bash, or equivalent)
• Experience managing asset metadata and tagging strategies
• Strong understanding of secrets hygiene, credential lifecycle, and IAM basics
• Experience working in or supporting vulnerability management workflows
• Comfort working with log aggregation tools, security alerting platforms, and ticketing systems
• Ability to communicate clearly across technical and non-technical audiences
• Self-directed, detail-oriented, and comfortable operating across multiple teams

PREFERRED

• Exposure to SIEMs (e.g., Splunk) or SOAR platforms (e.g., Tines, XSOAR)
• Familiarity with software development practices and secure coding principles
• Experience with cloud-native monitoring (e.g., AWS Config, CloudTrail, Audit Logs)
• Security certifications: GCIH, AWS Security Specialty, or equivalent

#LI-TH3,  #LI-ONSITE

Salary ranges are determined based on role, level and location. For positions open to candidates in multiple geographical locations, the base salary range is reflective of the labor market across the applicable locations. 

This role may be eligible for incentive pay and/or equity. 

There is no application deadline and we accept applications on an ongoing basis until the job is filled.

WHAT YOU CAN EXPECT FROM US:

• Pure Innovation: We celebrate those who think critically, like a challenge and aspire to be trailblazers.
• Pure Growth: We give you the space and support to grow along with us and to contribute to something meaningful. We have been Named Fortune's Best Large Workplaces in the Bay Area™, Fortune's Best Workplaces for Millennials™ and certified as a Great Place to Work®!
• Pure Team: We build each other up and set aside ego for the greater good.

And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources and company-sponsored team events. Check out purebenefits.com for more information.

ACCOMMODATIONS AND ACCESSIBILITY:

Candidates with disabilities may request accommodations for all aspects of our hiring process. For more on this, contact us at TA-Ops@purestorage.com if you’re invited to an interview.

OUR COMMITMENT TO A STRONG AND INCLUSIVE TEAM:

We’re forging a future where everyone finds their rightful place and where every voice matters. Where uniqueness isn’t just accepted but embraced. That’s why we are committed to fostering the growth and development of every person, cultivating a sense of community through our Employee Resource Groups and advocating for inclusive leadership. Pure is proud to be an equal opportunity and affirmative action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or any other characteristic legally protected by the laws of the jurisdiction in which you are being considered for hire.

JOIN US AND BRING YOUR BEST.

BRING YOUR BOLD.

BRING YOUR FLASH.