Principal Security Architect, Software Engineering

Form Energy•Berkeley, CA

68d•Onsite

About The Position

Form Energy is hiring a Principal Security Architect to be part of our growing Software Engineering organization. This organization is responsible for everything up and down our technology software stack, and is at the heart of making sure Form's battery achieves the best performance possible.This is an exciting opportunity to help shape, and be part of a fast moving company, working on breakthrough technology, and an incredible mission This role is responsible for defining, designing, and overseeing the implementation of security measures across the entire lifecycle of the company's grid-scale battery products (hardware, firmware, software, cloud infrastructure, and plant networks). The architect ensures that security is an intrinsic quality of the product, meeting high standards for operational resilience, data protection, and regulatory compliance for the energy sector.

Requirements

15+ years of experience in product/process focused security, or cloud security with at least 3 years focused on hardware-enabled products, IoT, or Operational Technology (OT)/Industrial Control Systems (ICS).
Hands-on experience with threat modeling methodologies (e.g., STRIDE) and security analysis tools.
Strong command of Python, Go, or C++
Deep experience with Linux or BSD platforms
Networking fundamentals as they relate to K8s, site-to-site VPNs, and security
Experience working at both growth-phase startups and mid-to-large enterprises

Responsibilities

Define and maintain the product security roadmap and architecture, ensuring alignment with business goals, industry best practices (e.g. NIST CSF, IEC 62443, UL 2900), and emerging threat landscapes targeting Critical Infrastructure Technology (CIT)/Operational Technology (OT).
Integrate security activities (e.g., threat modeling, static/dynamic analysis, security testing) into the existing product development pipeline (DevSecOps).
Lead Threat Modeling & Risk Analysis through identifying, analyzing, and documenting security risks for new and existing battery management systems, power conversion systems, and remote monitoring/control platforms.
Act as the final security authority for product designs, reviewing architectural diagrams, design specifications, and source code to ensure adherence to security requirements and mitigating identified risks.
Define and manage the product's vulnerability disclosure and response process (PSIRT), including firmware/software updates and patch delivery mechanisms to fielded systems.
Ensure the product security architecture meets relevant regulatory and industry standards, such as NERC CIP, ISO 27001, and specific utility requirements.
Defining security requirements for battery management unit and power controls, including secure boot, encryption-at-rest/in-transit, and hardware roots of trust (e.g. TPM, HSM,SE).
Architecting the secure connectivity (VPN/TLS), authentication (Zero Trust/mTLS), and data management for remote monitoring and control platforms hosted in the cloud.
Lead Product Operational Technology (OT) and Industrial Control Systems (ICS) Security Strategy.
Designing robust network architectures that separate the corporate, control/OT, and battery array networks.

Benefits

Form Energy offers competitive salaries, stock options, and a holistic benefits package to ensure all employees have what they need to thrive while working here.
When it comes to you and your family's health, we cover 100% of medical, dental, and vision premiums for full-time employees - and 80% of healthcare premiums for dependents. This starts from day one.
We also offer at least 12 weeks of paid leave for new parents (up to 20 weeks for birthing parents), and generous vacation policies to give employees time to recharge when needed.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume