Cybersecurity Architect

About Us:
Spreedly is the world's leading Open Payments Platform. Founded in 2007 and headquartered in Durham, NC, the company gives mid-market and enterprise businesses the infrastructure to connect to any payment gateway, processor, or fraud tool through a single API. The platform is vendor-agnostic by design, meaning customers are never locked into a single provider and never need to rebuild their payments stack to access new capabilities.

The core business problem Spreedly solves is real and costly: global merchants face a fragmented payments ecosystem, where every new market, payment method, or fraud tool typically requires a separate, time-consuming integration. Spreedly eliminates that complexity, enabling companies to route transactions intelligently, secure cardholder data, prevent fraud, and expand into new markets without heavy engineering overhead.

Product Offering:

Spreedly provides an open payments platform. The platform's connectivity provides payments performance. Key products and services include:

Connect - A unified API that integrates with hundreds of payment gateways, processors, and alternative payment methods worldwide, including digital wallets. Merchants access the global payments ecosystem through one connection.
Vault - A PCI-compliant secure repository for payment methods. Merchants store card data once and reuse it across any payment service, reducing PCI scope and protecting cardholder data at scale.
Optimize - Workflow-driven routing and retry logic that directs each transaction to the best-performing gateway in real time. On average, 7.9% of failed transactions succeed immediately when retried on a secondary gateway. This is where merchants recover lost revenue and increase authorization success rates.
Protect - A flexible fraud and authentication layer, incorporating advanced fraud tools and 3DS. Following Spreedly's acquisition of Dodgeball in September 2025, fraud orchestration and payment optimization now operate within the same platform.
Resolve - Centralized management and reporting that reduces operational silos, strengthens security, and improves billing control across a merchant's entire payment operation.
What It's Like to Work Here:
We describe our team as "Spreedlings": diverse, forward-thinking, and driven by a shared belief that a more open payments ecosystem benefits everyone. The company operates with a culture built on transparency, courageous collaboration, and self-driven leadership. The team values simplicity in both product and process, and approaches problem-solving with genuine curiosity.

About the Role:

As a Cybersecurity Architect at Spreedly, you will be a key leader in the Information Security Team, responsible for designing, building, and maintaining the security architecture that protects our systems, networks, and data against evolving cyber threats. In this senior role, you will provide technical security leadership and influence strategic initiatives to ensure the confidentiality, integrity, and availability of Spreedly's data, particularly within our open payments platform. You will work closely with other engineering and product teams to intentionally integrate security controls into future product offerings and to align security strategies with business and technology goals.

The ideal candidate will possess expertise within the payments or financial services, demonstrating a sophisticated understanding of high-volume transaction processing, payment orchestration, and the unique security risks associated with global financial data flows. This includes a proven track record of architecting secure, low-latency solutions that maintain rigorous compliance with PCI DSS and international financial regulations while enabling seamless, API-driven innovation.

Responsibilities:

• Security Architecture & Design: Design, build, and implement robust security architectures for all Engineering projects and systems, including future products that incorporate AI/ML technology.
• Security Architecture Roadmap: Lead, maintain, and drive the multi-year security architecture roadmap, ensuring it remains dynamic and aligned with business objectives, product innovation, and the evolving threat landscape.
• Emerging Tech Governance: Develop secure frameworks for AI/ML deployments and manage the long-term transition to Post-Quantum Cryptography (PQC) standards.
• Product Security Strategy: Partner with product and engineering leaders to define the overarching product security strategy, ensuring security is a core enabler of product innovation and high-scale payment orchestration.
• Global Expansion Expertise: Serve as the lead security advisor for international market expansion, ensuring architecture aligns with regional data residency requirements, localized payment regulations, and international standards.
• Compliance & Policy: Recommend updates to corporate security policies to ensure controls grow with the business, specifically targeting compliance with PCI DSS, ISO-27001, ISO-27701, ISO-42001, and emergent payment security regulations across global markets.
• Security Leadership: Provide technical guidance for Engineering teams and lead security-related cross-functional and business-driven projects.
• Continuous Improvement: Stay updated on the latest security trends, threat intelligence, and attack vectors to continuously improve the security posture.

Requirements:

• 10+ years of experience in cybersecurity, with a focus on designing, planning, and integrating enterprise-class security systems.
• Proven experience in architecting security for emerging technologies, including AI/ML and advanced cryptographic systems.
• Deep expertise in IT security architecture, cloud security (AWS, Azure, Google Cloud), and network security.
• Experience with threat modeling, vulnerability testing, and security assessments in a high-growth environment.
• Strong understanding of security frameworks and compliance standards such as PCI DSS, SOC 2, ISO 27001, ISO 27701, and ISO 42001.
• Proficiency in programming and scripting languages (e.g., Python, Ruby, JavaScript).
• Exceptional communication and leadership skills, with the ability to convey complex security concepts to both technical and non-technical audiences, including executives.
• Expertise in designing scalable security solutions, including uplifting API security and authentication, while securing global data flows.
• A proactive and inquisitive mindset, with the ability to think like a malicious hacker to anticipate risks.
• Ability to operate autonomously in a fast-paced environment, prioritizing needs from a variety of stakeholders across different global regions.

We Offer US-based Employees:

• Competitive salary + Equity
• Outstanding Medical and Dental benefits, including 100% employer-paid options
• Company-paid Life and Disability insurance
• Optional vision and supplemental insurance options, and various Flexible Spending Accounts (FSA)
• Open Paid Time Off policy + 12 weeks of paid leave for new parents
• Matching 401(k) plan (5% up to $5,000 yearly)
• Monthly home working/digital lifestyle stipend, new MacBook, and one-time accessory reimbursement
• $1,000 annual professional development stipend
• Access to company-paid professional coaching service
• Visits to HQ in Durham, North Carolina for remote employees

We champion the ethical, creative use of AI-if you're someone who pairs human judgment with modern AI tools to work smarter and drive bigger impact, you'll thrive here.

Spreedly is an equal opportunity employer. We are committed to fostering, cultivating, and preserving a culture of diversity, equity, inclusion, and belonging. We actively work to drive out even unintentional discrimination in our hiring processes via practices like blindly graded work samples, structured interviews, and diversity awareness training.

Due to the sensitive nature of what Spreedly does - handling payment data - finalist candidates must complete a successful background and reference check.


At this time Spreedly is unable to provide sponsorship for employment, and we are not set up to support remote employees who reside in New York. In order to be considered for employment, applicants must be currently legally authorized to work in the job location country and not require future sponsorship in order to continue working in that country.

We appreciate your interest in our company. Because of the high volume of resume flow, we may only respond to those candidates that we think will be a potential fit.

#LI-AE1

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.