Form Energy is looking to solve the problem of grid-scale energy storage reliability and security by revolutionizing energy storage with cost-effective, multi-day technology. The Principal Security Architect will ensure the security of their battery products (hardware, firmware, software, cloud infrastructure, and plant networks) to meet high standards for operational resilience, data protection, and regulatory compliance in the energy sector.
Requirements
- 15+ years of experience in product/process focused security, or cloud security with at least 3 years focused on hardware-enabled products, IoT, or Operational Technology (OT)/Industrial Control Systems (ICS).
- Hands-on experience with threat modeling methodologies (e.g., STRIDE) and security analysis tools.
- Strong command of Python, Go, or C++
- Deep experience with Linux or *BSD platforms
- Networking fundamentals as they relate to K8s, site-to-site VPNs, and security
- Experience working at both growth-phase startups and mid-to-large enterprises
Responsibilities
- Define and maintain the product security roadmap and architecture, ensuring alignment with business goals, industry best practices (e.g. NIST CSF, IEC 62443, UL 2900), and emerging threat landscapes targeting Critical Infrastructure Technology (CIT)/Operational Technology (OT).
- Integrate security activities (e.g., threat modeling, static/dynamic analysis, security testing) into the existing product development pipeline (DevSecOps).
- Lead threat modeling and risk analysis by identifying, analyzing, and documenting security risks for new and existing battery management systems, power conversion systems, and remote monitoring/control platforms.
- Act as the final security authority for product designs, reviewing architectural diagrams, design specifications, and source code to ensure adherence to security requirements and mitigate identified risks.
- Define and manage the product's vulnerability disclosure and response process (PSIRT), including firmware/software updates and patch delivery mechanisms to fielded systems.
- Ensure the product security architecture meets relevant regulatory and industry standards, such as NERC CIP, ISO 27001, and specific utility requirements.
- Define security requirements for battery management units and power controls, including secure boot, encryption-at-rest/in-transit, and hardware roots of trust (e.g. TPM, HSM, SE).
Other
- Form Energy offers competitive salaries, stock options, and a holistic benefits package
- When it comes to you and your family’s health, we cover 100% of medical, dental, and vision premiums for full-time employees - and 80% of healthcare premiums for dependents.
- We also offer at least 12 weeks of paid leave for new parents (up to 20 weeks for birthing parents), and generous vacation policies to give employees time to recharge when needed.
- We are proud to be an equal opportunity employer, and encourage candidates from all backgrounds to apply to our open jobs.