Product Offering:
Spreedly provides an open payments platform. The platform’s connectivity provides payments performance. Key products and services include:
Connect — A unified API that integrates with hundreds of payment gateways, processors, and alternative payment methods worldwide, including digital wallets. Merchants access the global payments ecosystem through one connection.
Vault — A PCI-compliant secure repository for payment methods. Merchants store card data once and reuse it across any payment service, reducing PCI scope and protecting cardholder data at scale.
Optimize — Workflow-driven routing and retry logic that directs each transaction to the best-performing gateway in real time. On average, 7.9% of failed transactions succeed immediately when retried on a secondary gateway. This is where merchants recover lost revenue and increase authorization success rates.
Protect — A flexible fraud and authentication layer, incorporating advanced fraud tools and 3DS. Following Spreedly's acquisition of Dodgeball in September 2025, fraud orchestration and payment optimization now operate within the same platform.
Resolve — Centralized management and reporting that reduces operational silos, strengthens security, and improves billing control across a merchant's entire payment operation.
As a Cybersecurity Architect at Spreedly, you will be a key leader in the Information Security Team, responsible for designing, building, and maintaining the security architecture that protects our systems, networks, and data against evolving cyber threats. In this senior role, you will provide technical security leadership and influence strategic initiatives to ensure the confidentiality, integrity, and availability of Spreedly’s data, particularly within our open payments platform. You will work closely with other engineering and product teams to intentionally integrate security controls into future product offerings and to align security strategies with business and technology goals.
The ideal candidate will possess expertise within the payments or financial services, demonstrating a sophisticated understanding of high-volume transaction processing, payment orchestration, and the unique security risks associated with global financial data flows. This includes a proven track record of architecting secure, low-latency solutions that maintain rigorous compliance with PCI DSS and international financial regulations while enabling seamless, API-driven innovation.
Responsibilities:
- Security Architecture & Design: Design, build, and implement robust security architectures for all Engineering projects and systems, including future products that incorporate AI/ML technology.
- Security Architecture Roadmap: Lead, maintain, and drive the multi-year security architecture roadmap, ensuring it remains dynamic and aligned with business objectives, product innovation, and the evolving threat landscape.
- Emerging Tech Governance: Develop secure frameworks for AI/ML deployments and manage the long-term transition to Post-Quantum Cryptography (PQC) standards.
- Product Security Strategy: Partner with product and engineering leaders to define the overarching product security strategy, ensuring security is a core enabler of product innovation and high-scale payment orchestration.
- Global Expansion Expertise: Serve as the lead security advisor for international market expansion, ensuring architecture aligns with regional data residency requirements, localized payment regulations, and international standards.
- Compliance & Policy: Recommend updates to corporate security policies to ensure controls grow with the business, specifically targeting compliance with PCI DSS, ISO-27001, ISO-27701, ISO-42001, and emergent payment security regulations across global markets.
- Security Leadership: Provide technical guidance for Engineering teams and lead security-related cross-functional and business-driven projects.
- Continuous Improvement: Stay updated on the latest security trends, threat intelligence, and attack vectors to continuously improve the security posture.
Requirements:
- 10+ years of experience in cybersecurity, with a focus on designing, planning, and integrating enterprise-class security systems.
- Proven experience in architecting security for emerging technologies, including AI/ML and advanced cryptographic systems.
- Deep expertise in IT security architecture, cloud security (AWS, Azure, Google Cloud), and network security.
- Experience with threat modeling, vulnerability testing, and security assessments in a high-growth environment.
- Strong understanding of security frameworks and compliance standards such as PCI DSS, SOC 2, ISO 27001, ISO 27701, and ISO 42001.
- Proficiency in programming and scripting languages (e.g., Python, Ruby, JavaScript).
- Exceptional communication and leadership skills, with the ability to convey complex security concepts to both technical and non-technical audiences, including executives.
- Expertise in designing scalable security solutions, including uplifting API security and authentication, while securing global data flows.
- A proactive and inquisitive mindset, with the ability to think like a malicious hacker to anticipate risks.
- Ability to operate autonomously in a fast-paced environment, prioritizing needs from a variety of stakeholders across different global regions.
We Offer US-based Employees:
- Competitive salary + Equity
- Outstanding Medical and Dental benefits, including 100% employer-paid options
- Company-paid Life and Disability insurance
- Optional vision and supplemental insurance options, and various Flexible Spending Accounts (FSA)
- Open Paid Time Off policy + 12 weeks of paid leave for new parents
- Matching 401(k) plan (5% up to $5,000 yearly)
- Monthly home working/digital lifestyle stipend, new MacBook, and one-time accessory reimbursement
- $1,000 annual professional development stipend
- Access to company-paid professional coaching service
- Visits to HQ in Durham, North Carolina for remote employees
Skills Required
- 10+ years of experience in cybersecurity
- Experience in architecting security for AI/ML and advanced cryptographic systems
- Deep expertise in IT security architecture, cloud security, and network security
- Experience with threat modeling, vulnerability testing, and security assessments
- Understanding of PCI DSS, SOC 2, ISO 27001, ISO 27701, and ISO 42001
- Proficiency in programming and scripting languages
- Exceptional communication and leadership skills
Spreedly Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Spreedly and has not been reviewed or approved by Spreedly.
-
Healthcare Strength — Employer-paid medical and dental coverage for employees, spouses/domestic partners, and families, with optional vision, is prominently provided. Company-paid life and disability insurance further reinforce the health protection offering.
-
Leave & Time Off Breadth — An open PTO policy, paid holidays, and references to sabbaticals create broad time-off flexibility. This breadth is paired with a remote-friendly work setup.
-
Parental & Family Support — Paid parental leave of 12 weeks is available for employees. Coverage of spouses and domestic partners within health benefits complements family support.
Spreedly Insights
What We Do
Build best-in-market payment systems by connecting to any payment service. Enable, optimize, and analyze online revenue with Spreedly’s flexible payments platform. See how you can start today: https://www.spreedly.com Connecting to multiple payment services, known as payment orchestration, is the new standard. Building and maintaining custom payment integrations is slow and expensive. Our PCI compliant solution lets you connect once and stay ahead of your payments strategy.
