Senior Security Architect

Dispel•Austin, TX

2h•$100,000 - $134,000•Remote

About The Position

Dispel: Security, For All Dispel is redefining how the world’s most critical industries connect, protect, and operate. Built for both Operational Technology (OT) and security teams, our Zero Trust Engine delivers secure, scalable connectivity across every make, model, and generation of equipment—enabling fast, reliable remote access, industrial data streaming, and integrated threat monitoring in even the most complex environments. We don’t just keep operations safe—we make them better. With OTFusion, Dispel unifies applications and systems across sites, streamlining operations, cutting complexity, and driving measurable efficiency gains. Since 2015, we’ve been pioneering cybersecurity innovation: inventing network-level Moving Target Defense (MTD), securing 54 million utility users worldwide, protecting over $500B in manufactured goods annually, and ensuring the everyday essentials people rely on—from 50% of the U.S. baby formula supply to 1 in 5 non-alcoholic beverages in America—are made and delivered safely. If you're passionate about providing security, for all, this is the place to be. Senior Security Architect Location: Remote (US-based, occasional travel required) Department: Security Reports To: CISO / VP of Security About Dispel: Dispel is the fastest-growing cybersecurity company recognized in the 2025 Cybersecurity Excellence Awards. We deliver zero trust secure remote access and real-time data streaming for operational technology (OT) and industrial control systems (ICS). Our patented Moving Target Defense technology—referenced in NIST 800-172—protects critical infrastructure for utilities serving 54 million+ people, manufacturers producing over 50% of US baby formula, and major defense contracts including a $950M IDIQ with the US Air Force. Role Overview: We're seeking a Senior Security Architect to lead offensive security operations and product security assurance for our Zero Trust Engine (ZTE) platform and enterprise infrastructure. You'll be the technical authority for security architecture decisions, conducting internal red team operations, threat modeling, and building security into our CI/CD pipelines while supporting the maturation of our Security Operations Center.This role is product-first: your primary focus is ensuring the security of what we ship to customers who rely on us to protect their critical infrastructure.

Requirements

8-12 years of experience in cybersecurity with 5+ years in offensive security, application security, or security architecture
Demonstrated experience conducting penetration testing and red team operations
Strong knowledge of cloud security (AWS required; Azure/GCP beneficial)
Experience with CI/CD security tooling and DevSecOps practices
Hands-on experience with threat modeling methodologies
Proficiency in at least one scripting/programming language (Python, Go, Bash)
Understanding of OT/ICS security concepts and protocols
Experience with vulnerability management tools and processes
Excellent written and verbal communication skills
Must be a US Person (citizen or permanent resident)
Ability to obtain and maintain security clearance preferred

Nice To Haves

Experience with Moving Target Defense or software-defined perimeter technologies
Background in OT/ICS environments (SCADA, PLCs, industrial protocols)
Experience with compliance frameworks: FedRAMP, CMMC, IEC 62443, NERC-CIP, NIST 800-53/800-82
Familiarity with zero trust architecture principles
Experience with AWS GovCloud
Previous startup or high-growth company experience
OSCP, OSCE, OSWE, or equivalent offensive certifications
GPEN, GWAPT, GXPN, or other GIAC certifications
AWS Security Specialty
CISSP, CISM (for architecture credibility)

Responsibilities

Plan and execute internal red team engagements against the ZTE platform and corporate infrastructure
Conduct regular penetration testing of applications, APIs, cloud infrastructure (AWS GovCloud), and network segments
Develop and maintain adversary emulation capabilities aligned with MITRE ATT&CK for ICS
Document findings with actionable remediation guidance and track to resolution
Coordinate with external penetration testing firms for annual assessments
Lead threat modeling sessions for new features and architectural changes using STRIDE, PASTA, or attack trees
Review and approve security architecture for product changes before implementation
Participate in Change Control Board (CCB) reviews with security sign-off authority
Define security requirements and acceptance criteria for development teams
Maintain threat models for ZTE components including Moving Target Defense, access control, session recording, and password vaulting
Design and implement deception technologies and honeypots within the product and infrastructure
Collaborate with SOC to develop detection rules based on offensive findings
Create purple team exercises bridging red team operations with blue team response
Develop adversary playbooks that inform SOC runbooks
Implement and maintain security controls in CI/CD pipelines (SAST, DAST, SCA, secrets scanning, container scanning)
Define and enforce security gates for code promotion
Review infrastructure-as-code for security misconfigurations
Integrate security testing into GitHub workflows
Establish software supply chain security controls (SBOM generation, dependency verification)
Stand up and operationalize vulnerability management program in coordination with SOC
Define vulnerability severity thresholds, SLAs, and escalation procedures
Triage and prioritize vulnerabilities based on exploitability and business context
Track remediation progress and report metrics to leadership
Partner with SOC team on playbook development for incident response
Provide offensive perspective on detection gaps and coverage
Support SOC maturation through training, tabletop exercises, and purple team activities
Contribute to SIEM rule development and tuning (Google SecOps)