Senior Security Architect

Dispel: Security, For All

Dispel is redefining how the world’s most critical industries connect, protect, and operate. Built for both Operational Technology (OT) and security teams, our Zero Trust Engine delivers secure, scalable connectivity across every make, model, and generation of equipment—enabling fast, reliable remote access, industrial data streaming, and integrated threat monitoring in even the most complex environments.

We don’t just keep operations safe—we make them better. With OTFusion, Dispel unifies applications and systems across sites, streamlining operations, cutting complexity, and driving measurable efficiency gains.

Since 2015, we’ve been pioneering cybersecurity innovation: inventing network-level Moving Target Defense (MTD), securing 54 million utility users worldwide, protecting over $500B in manufactured goods annually, and ensuring the everyday essentials people rely on—from 50% of the U.S. baby formula supply to 1 in 5 non-alcoholic beverages in America—are made and delivered safely.

If you're passionate about providing security, for all, this is the place to be.

Requirements

Senior Security Architect

Location: Remote (US-based, occasional travel required)

Department: Security

Reports To: CISO / VP of Security

About Dispel: Dispel is the fastest-growing cybersecurity company recognized in the 2025 Cybersecurity Excellence Awards. We deliver zero trust secure remote access and real-time data streaming for operational technology (OT) and industrial control systems (ICS). Our patented Moving Target Defense technology—referenced in NIST 800-172—protects critical infrastructure for utilities serving 54 million+ people, manufacturers producing over 50% of US baby formula, and major defense contracts including a $950M IDIQ with the US Air Force.

Role Overview: We're seeking a Senior Security Architect to lead offensive security operations and product security assurance for our Zero Trust Engine (ZTE) platform and enterprise infrastructure. You'll be the technical authority for security architecture decisions, conducting internal red team operations, threat modeling, and building security into our CI/CD pipelines while supporting the maturation of our Security Operations Center.This role is product-first: your primary focus is ensuring the security of what we ship to customers who rely on us to protect their critical infrastructure.

Key Responsibilities: Offensive Security & Red Teaming

• Plan and execute internal red team engagements against the ZTE platform and corporate infrastructure

• Conduct regular penetration testing of applications, APIs, cloud infrastructure (AWS GovCloud), and network segments

• Develop and maintain adversary emulation capabilities aligned with MITRE ATT&CK for ICS

• Document findings with actionable remediation guidance and track to resolution

• Coordinate with external penetration testing firms for annual assessments
• Threat Modeling & Security Architecture

• Lead threat modeling sessions for new features and architectural changes using STRIDE, PASTA, or attack trees

• Review and approve security architecture for product changes before implementation

• Participate in Change Control Board (CCB) reviews with security sign-off authority

• Define security requirements and acceptance criteria for development teams

• Maintain threat models for ZTE components including Moving Target Defense, access control, session recording, and password vaulting
• Active Defense & Detection Engineering

• Design and implement deception technologies and honeypots within the product and infrastructure

• Collaborate with SOC to develop detection rules based on offensive findings

• Create purple team exercises bridging red team operations with blue team response

• Develop adversary playbooks that inform SOC runbooks

• Secure Development & CI/CD Security

• Implement and maintain security controls in CI/CD pipelines (SAST, DAST, SCA, secrets scanning, container scanning)

• Define and enforce security gates for code promotion

• Review infrastructure-as-code for security misconfigurations

• Integrate security testing into GitHub workflows

• Establish software supply chain security controls (SBOM generation, dependency verification)
• Vulnerability Management

• Stand up and operationalize vulnerability management program in coordination with SOC

• Define vulnerability severity thresholds, SLAs, and escalation procedures

• Triage and prioritize vulnerabilities based on exploitability and business context

• Track remediation progress and report metrics to leadership
• SOC Development Support

• Partner with SOC team on playbook development for incident response

• Provide offensive perspective on detection gaps and coverage

• Support SOC maturation through training, tabletop exercises, and purple team activities

• Contribute to SIEM rule development and tuning (Google SecOps)

Required Qualifications:

• 8-12 years of experience in cybersecurity with 5+ years in offensive security, application security, or security architecture

• Demonstrated experience conducting penetration testing and red team operations

• Strong knowledge of cloud security (AWS required; Azure/GCP beneficial)

• Experience with CI/CD security tooling and DevSecOps practices

• Hands-on experience with threat modeling methodologies

• Proficiency in at least one scripting/programming language (Python, Go, Bash)

• Understanding of OT/ICS security concepts and protocols

• Experience with vulnerability management tools and processes

• Excellent written and verbal communication skills

• Preferred Qualifications- Experience with Moving Target Defense or software-defined perimeter technologies

• Background in OT/ICS environments (SCADA, PLCs, industrial protocols)

• Experience with compliance frameworks: FedRAMP, CMMC, IEC 62443, NERC-CIP, NIST 800-53/800-82

• Familiarity with zero trust architecture principles

• Experience with AWS GovCloud

• Previous startup or high-growth company experience

• Certifications (Preferred, not required)- OSCP, OSCE, OSWE, or equivalent offensive certifications

• GPEN, GWAPT, GXPN, or other GIAC certifications

• AWS Security Specialty

• CISSP, CISM (for architecture credibility)

What We Offer- Competitive compensation with equity:

• Remote-first culture with flexible hours

• Opportunity to protect critical infrastructure at scale

• Work with patented, cutting-edge security technology

• Direct impact on product security decisions

• Collaborative team environment

• Security Clearance- Must be a US Person (citizen or permanent resident)

• Ability to obtain and maintain security clearance preferred

Benefits

At Dispel you’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

• Competitive salary and performance bonus
• Comprehensive health, dental, and vision insurance
• 401(k) with company match
• Opportunity for incentive units grant
• Generous paid time off and holidays
• Flexible work environment with opportunities for remote work
• Salary range for role: $100,000-$134,000

Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets. Your exact offer may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience.

This is a career growth opportunity and an FLSA-exempt role. The position will require working more than 40 hours per week at times to meet business needs.

Beware of Hiring Scams: Dispel will never ask for payment or sensitive personal information such as social security numbers during the hiring process. All official communication will come from a verified company email address. If you receive suspicious requests or communications, please report them to people @dispel.com. All of our legitimate openings can be found on the Dispel Career Site at https://apply.workable.com/dispel/