Principal Security Architect, Software Engineering

Are you ready to build America’s energy future? Form Energy is an American manufacturing and energy technology company. We’re revolutionizing energy storage with cost-effective, multi-day technology designed to keep the electric grid secure and reliable, even during extended periods of stress. By strengthening the electric system and reimagining what’s possible, we’re giving clean energy a whole new form! 

In recent years, Form Energy has earned a number of accolades, including being named by TIME as a “Best Invention”, MIT Technology Review as a “Top Climate Tech Company To Watch”, and Fast Company as “One of the Next Big Things In Tech”. We are making rapid progress on our mission of delivering energy storage for a better world, and our team is growing just as rapidly to meet demand. We have signed contracts with leading electric utilities across the United States and production of our iron-air batteries is underway at our first high-volume manufacturing facility in West Virginia.

Working for Form Energy is more than just a job, it’s a chance to be part of something extraordinary. And now - right as we significantly scale up battery manufacturing -  might be the most exciting moment in the company’s history to join. We are assembling a team of highly talented and driven individuals across the country. Driven by our core values of humanity, excellence, and creativity, our team is determined to deliver on our mission and transform the energy landscape for the better.

Feeling energized to make a meaningful impact on the world? Then keep reading - you’ve come to the right place.

Role Description

Form Energy is hiring a Principal Security Architect to be part of our growing Software Engineering organization. This organization is responsible for everything up and down our technology software stack, and is at the heart of making sure Form’s battery achieves the best performance possible.This is an exciting opportunity to help shape, and be part of a fast moving company, working on breakthrough technology, and an incredible mission

This role is responsible for defining, designing, and overseeing the implementation of security measures across the entire lifecycle of the company's grid-scale battery products (hardware, firmware, software, cloud infrastructure, and plant networks). The architect ensures that security is an intrinsic quality of the product, meeting high standards for operational resilience, data protection, and regulatory compliance for the energy sector.

What you'll do:

• Define and maintain the product security roadmap and architecture, ensuring alignment with business goals, industry best practices (e.g. NIST CSF, IEC 62443, UL 2900), and emerging threat landscapes targeting Critical Infrastructure Technology (CIT)/Operational Technology (OT).

• Integrate security activities (e.g., threat modeling, static/dynamic analysis, security testing) into the existing product development pipeline (DevSecOps).

• Lead Threat Modeling & Risk Analysis through identifying, analyzing, and documenting security risks for new and existing battery management systems, power conversion systems, and remote monitoring/control platforms.

• Act as the final security authority for product designs, reviewing architectural diagrams, design specifications, and source code to ensure adherence to security requirements and mitigating identified risks.

• Define and manage the product's vulnerability disclosure and response process (PSIRT), including firmware/software updates and patch delivery mechanisms to fielded systems.

• Ensure the product security architecture meets relevant regulatory and industry standards, such as NERC CIP, ISO 27001, and specific utility requirements.

• Defining security requirements for battery management unit and power controls, including secure boot, encryption-at-rest/in-transit, and hardware roots of trust (e.g. TPM, HSM,SE).

• Architecting the secure connectivity (VPN/TLS), authentication (Zero Trust/mTLS), and data management for remote monitoring and control platforms hosted in the cloud.

• Lead Product Operational Technology (OT) and Industrial Control Systems (ICS) Security Strategy.

• Designing robust network architectures that separate the corporate, control/OT, and battery array networks.

What you'll bring:

• 15+ years of experience in product/process focused security, or cloud security with at least 3 years focused on hardware-enabled products, IoT, or Operational Technology (OT)/Industrial Control Systems (ICS).

• Hands-on experience with threat modeling methodologies (e.g., STRIDE) and security analysis tools.

• Strong command of Python, Go, or C++

• Deep experience with Linux or *BSD platforms

• Networking fundamentals as they relate to K8s, site-to-site VPNs, and security

• Experience working at both growth-phase startups and mid-to-large enterprises

#LI-Onsite

#LI-TR1

Humanity is a cornerstone of Form Energy’s culture, and we make sure our compensation and benefits reflect that. Form Energy offers competitive salaries, stock options, and a holistic benefits package to ensure all employees have what they need to thrive while working here. 

When it comes to you and your family’s health, we cover 100% of medical, dental, and vision premiums for full-time employees - and 80% of healthcare premiums for dependents. This starts from day one. We also offer at least 12 weeks of paid leave for new parents (up to 20 weeks for birthing parents), and generous vacation policies to give employees time to recharge when needed. 

To build America’s energy future, we need everyone at the table. We are proud to be an equal opportunity employer, and encourage candidates from all backgrounds to apply to our open jobs.

If you may require reasonable accommodations to participate in our interview process, please contact [email protected]. Requests for accommodations will be treated with discretion.

Form Energy is committed to maintaining the privacy of our applicants. Please be aware that we will never solicit sensitive personal information such as Social Security numbers or bank account details during the recruiting or hiring process.