Director of System Architecture - Connected Water Metering Products

Position Summary As the Director of Systems Architecture, you will own the end-to-end technical architecture for Neptune's connected water metering products, spanning meter firmware, RF and cellular gateway collectors, cloud headend services, APIs, and supporting IT infrastructure. This position involves bridging product, security, and manufacturing engineering to bring new connected devices from concept to certified, deployed product. You will author and maintain system-level specifications, design PKI and security architecture for device identity at manufacturing scale, define verification and validation strategies, and serve as the technical authority across firmware, software, hardware, and DevSecOps teams. This role reports to the CTO and provides direct impact on Neptune's product roadmap, platform security posture, and manufacturing readiness.

Objectives End-to-End System Architecture:

Define and maintain the holistic system architecture spanning water meter firmware, RF/cellular gateway collectors, cloud headend services, APIs, and supporting IT infrastructure. Identify and resolve cross-domain interfaces and integration points early in the product lifecycle.

Product and System Specifications:

Author and maintain system-level specifications for new product development, including system requirements specifications (SRS), interface control documents (ICDs), hardware/firmware/software architecture documents, and operational concepts. Ensure traceability from customer requirements through design to test.

PKI, Certificate, and Key Management:

Design and specify the end-to-end PKI and key management architecture for device identity, covering device certificate provisioning during manufacturing, secure key injection processes, certificate lifecycle management, trust hierarchies (root CA, intermediate CA, device certificates), secure boot chain-of-trust, firmware signing, and code signing for distributed mobile and desktop applications. Define manufacturing-line integration specifications to ensure cryptographic material is provisioned correctly and auditably at scale.

Product Security Architecture:

Establish and enforce security architecture across the product stack, including secure boot, authenticated and encrypted OTA firmware update, mutual TLS for device-to-cloud communication, secure element and TEE integration where applicable, and headend access controls. Support threat modeling and drive security requirements into design across firmware, software, and infrastructure teams.

Verification and Validation:

Define and own a disciplined system verification and validation strategy in which every customer and system requirement is explicitly tied to a test that proves it works, from unit and integration tests at the component level through subsystem qualification, full system testing, and end-to-end field acceptance. Drive the creation of test specifications across firmware, software, RF communication, headend integration, and security properties.

Cross-Functional Collaboration:

Work closely with product managers, firmware engineers, hardware engineers, manufacturing operations, UX/UI designers, and other stakeholders to ensure all systems meet business objectives and deliver a seamless end-to-end product experience. Serve as the technical authority across firmware, software, hardware, manufacturing, and DevSecOps teams. Lead architecture reviews and design critiques. Support the CTO on technology strategy, platform roadmap decisions, and technical risk identification for new product programs.

Innovation and Continuous Improvement:

Stay current with emerging technologies in IoT, embedded security, cloud infrastructure, and connected device ecosystems. Bring innovative solutions to complex system challenges and continuously evaluate opportunities to improve Neptune's product architecture, development processes, and manufacturing integration.

Requirements Education/Experience:

Bachelor's or Master's degree in Electrical Engineering, Computer Engineering, Computer Science, or equivalent experience. 10+ years in systems engineering, software systems, embedded systems, or IoT product development, with at least 3 years in a systems architect or principal engineer role.

Skills:

Embedded Systems:

Hands-on experience with constrained embedded/firmware environments (RTOS, bare metal, C/C++) and cloud-connected IoT protocols (MQTT, AMQP, CoAP, LWM2M).

Cloud Infrastructure:

Experience with cloud infrastructure and services (AWS preferred), including containerized workloads, API management, and data ingestion pipelines.

Security:

Deep knowledge of

PKI, X.509

certificates, TLS/DTLS, secure boot, code signing, HSMs, and secure element integration for high-volume manufacturing.

Systems Engineering:

Experience authoring formal systems engineering artifacts: SRS, ICD, architecture decision records, FMEA, threat models, and verification and validation plans.

Product Development:

Demonstrated experience structuring product development so that requirements, design decisions, and the tests that verify them are defined and maintained together throughout the program, not bolted on at the end.

RF Communications:

Experience with RF communication technologies relevant to AMI/AMR (e.g., 900 MHz mesh, LoRa, NB-IoT, LTE-M) and associated link-layer security considerations.

Written Communication:

Strong written communication skills; this role produces specifications, not just slides.

Desired Skills:

Background in utility metering, smart grid, water/gas/electric AMI, or industrial IoT product development. Familiarity with SOC2 (Type I/II), ISO 27001, GDPR, CCPA and other standards. Experience with IEC 62443 or

NERC CIP

for operational technology cybersecurity, or

NIST 800-82.

Exposure to manufacturing line security station integration (HSM-backed key injection, test fixture interfaces, MES integration).

Location:

Tallassee, Alabama or Duluth, Georgia; May be required to travel to one of our manufacturing/customer locations up to 20% of the time when necessary. #HP1