Job description
Dispel: Security, For All
Dispel is redefining how the world’s most critical industries connect, protect, and operate. Built for both Operational Technology (OT) and security teams, our Zero Trust Engine delivers secure, scalable connectivity across every make, model, and generation of equipment—enabling fast, reliable remote access, industrial data streaming, and integrated threat monitoring in even the most complex environments.
We don’t just keep operations safe—we make them better. With OTFusion, Dispel unifies applications and systems across sites, streamlining operations, cutting complexity, and driving measurable efficiency gains.
Since 2015, we’ve been pioneering cybersecurity innovation: inventing network-level Moving Target Defense (MTD), securing 54 million utility users worldwide, protecting over $500B in manufactured goods annually, and ensuring the everyday essentials people rely on—from 50% of the U.S. baby formula supply to 1 in 5 non-alcoholic beverages in America—are made and delivered safely.
If you’re passionate about providing security, for all, this is the place to be.
Senior Security Architect
Location: Remote (US-based, occasional travel required)
Department: Security
Reports To: CISO / VP of Security
About Dispel: Dispel is the fastest-growing cybersecurity company recognized in the 2025 Cybersecurity Excellence Awards. We deliver zero trust secure remote access and real-time data streaming for operational technology (OT) and industrial control systems (ICS). Our patented Moving Target Defense technology—referenced in NIST 800-172—protects critical infrastructure for utilities serving 54 million+ people, manufacturers producing over 50% of US baby formula, and major defense contracts including a $950M IDIQ with the US Air Force.
Role Overview: We’re seeking a Senior Security Architect to lead offensive security operations and product security assurance for our Zero Trust Engine (ZTE) platform and enterprise infrastructure. You’ll be the technical authority for security architecture decisions, conducting internal red team operations, threat modeling, and building security into our CI/CD pipelines while supporting the maturation of our Security Operations Center. This role is product-first: your primary focus is ensuring the security of what we ship to customers who rely on us to protect their critical infrastructure.
Key Responsibilities:
Offensive Security & Red Teaming
Plan and execute internal red team engagements against the ZTE platform and corporate infrastructure
Conduct regular penetration testing of applications, APIs, cloud infrastructure (AWS GovCloud), and network segments
Develop and maintain adversary emulation capabilities aligned with MITRE ATT&CK for ICS
Document findings with actionable remediation guidance and track to resolution
Coordinate with external penetration testing firms for annual assessments
Threat Modeling & Security Architecture
Lead threat modeling sessions for new features and architectural changes using STRIDE, PASTA, or attack trees
Review and approve security architecture for product changes before implementation
Participate in Change Control Board (CCB) reviews with security sign-off authority
Define security requirements and acceptance criteria for development teams
Maintain threat models for ZTE components including Moving Target Defense, access control, session recording, and password vaulting
Active Defense & Detection Engineering
Design and implement deception technologies and honeypots within the product and infrastructure
Collaborate with SOC to develop detection rules based on offensive findings
Create purple team exercises bridging red team operations with blue team response
Develop adversary playbooks that inform SOC runbooks
Secure Development & CI/CD Security
Implement and maintain security controls in CI/CD pipelines (SAST, DAST, SCA, secrets scanning, container scanning)
Define and enforce security gates for code promotion
Review infrastructure-as-code for security misconfigurations
Integrate security testing into GitHub workflows
Establish software supply chain security controls (SBOM generation, dependency verification)
Vulnerability Management
Stand up and operationalize vulnerability management program in coordination with SOC
Define vulnerability severity thresholds, SLAs, and escalation procedures
Triage and prioritize vulnerabilities based on exploitability and business context
Track remediation progress and report metrics to leadership
SOC Development Support
Partner with SOC team on playbook development for incident response
Provide offensive perspective on detection gaps and coverage
Support SOC maturation through training, tabletop exercises, and purple team activities
Contribute to SIEM rule development and tuning (Google SecOps)
Required Qualifications:
8-12 years of experience in cybersecurity with 5+ years in offensive security, application security, or security architecture
Demonstrated experience conducting penetration testing and red team operations
Strong knowledge of cloud security (AWS required; Azure/GCP beneficial)
Experience with CI/CD security tooling and DevSecOps practices
Hands-on experience with threat modeling methodologies
Proficiency in at least one scripting/programming language (Python, Go, Bash)
Understanding of OT/ICS security concepts and protocols
Experience with vulnerability management tools and processes
Excellent written and verbal communication skills
Preferred Qualifications:
Experience with Moving Target Defense or software-defined perimeter technologies
Background in OT/ICS environments (SCADA, PLCs, industrial protocols)
Experience with compliance frameworks: FedRAMP, CMMC, IEC 62443, NERC-CIP, NIST 800-53/800-82
Familiarity with zero trust architecture principles
Experience with AWS GovCloud
Previous startup or high-growth company experience
Certifications (Preferred, not required):
OSCP, OSCE, OSWE, or equivalent offensive certifications
GPEN, GWAPT, GXPN, or other GIAC certifications
AWS Security Specialty
CISSP, CISM (for architecture credibility)
What We Offer:
Competitive compensation with equity
Remote-first culture with flexible hours
Opportunity to protect critical infrastructure at scale
Work with patented, cutting-edge security technology
Direct impact on product security decisions
Collaborative team environment
Security Clearance:
Must be a US Person (citizen or permanent resident)
Ability to obtain and maintain security clearance preferred
At Dispel you’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.
- Competitive salary and performance bonus
- Comprehensive health, dental, and vision insurance
- 401(k) with company match
- Opportunity for incentive units grant
- Generous paid time off and holidays
- Flexible work environment with opportunities for remote work
- Salary range for role: $100,000-$134,000
Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets. Your exact offer may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience.
This is a career growth opportunity and an FLSA-exempt role. The position will require working more than 40 hours per week at times to meet business needs.
Beware of Hiring Scams: Dispel will never ask for payment or sensitive personal information such as social security numbers during the hiring process. All official communication will come from a verified company email address. If you receive suspicious requests or communications, please report them to people@dispel.com. All of our legitimate openings can be found on the Dispel Career Site at https://apply.workable.com/dispel/





