Set strategy & operating model: Define and execute a multi-year product/security strategy and roadmap across AI, SaaS, cloud, and product lines; establish a durable operating rhythm.
Lead the function: Operate, scale, and lead a product security organization (e.g., security architects, product security engineers, security champions enablement, AppSec tooling/program roles), including hiring, coaching, and performance management
Engage directly with customers to support sales cycles: Join customer and prospect calls to speak as the security SME, helping close deals by building trust and addressing concerns while also participating in RFP/RFI responses where product security expertise is needed.
Embed security into the SDLC/DevSecOps: Ensure security is integrated into agile delivery through developer security training, design/architecture reviews, threat modeling, security user stories, automated security testing, penetration testing, and audit readiness.
Architecture & design influence: Serve as a senior security advisor to engineering leadership; drive secure-by-design decisions for multi-tenant SaaS, APIs, identity, encryption, secrets, logging/monitoring, and tenant isolation.
Secure SDLC governance & standards: Own or co-own secure development policies/standards, release security criteria, and "definition of done" expectations (e.g., required SAST/DAST/SCA gates; pre-release validation).
Supply chain & third-party security: Define requirements for OSS and third-party components, including provenance, vulnerability monitoring, and secure acquisition/maintenance practices.
Metrics & continuous improvement: Establish measurable outcomes and reporting frameworks to track program effectiveness (risk reduction, coverage, remediation speed, escaped defects, incident trends) and guide investment decisions.
Cross-functional partnership: Partner with product engineering groups as trusted security counterparts across architecture, design, deployment, and runtime operations; influence backlogs and roadmaps without slowing delivery.
Customer & regulatory assurance: Support customer security reviews, attestations, and compliance-driven requirements by translating expectations into practical engineering controls and evidence.
Skills and Knowledge
AI-first approach to securing securing SaaS and cloud-native architectures (multi-tenancy, microservices, containers/Kubernetes, service meshes, CI/CD, infrastructure-as-code).
Fluency with secure development frameworks and maturity models (e.g., NIST SSDF practice groups and outcomes; metrics-driven improvement).
Strong stakeholder influence at senior levels-able to navigate ambiguity and drive alignment across Product, Engineering, Platform/SRE, and Compliance.
Requirements
10+ years in security engineering and/or product security, with significant experience in cloud and SaaS environments.
5+ years leading managers and/or multiple teams, scaling security programs across multiple products or business units.
Demonstrated success embedding security into engineering workflows (agile/DevOps) and improving release quality through automated testing and standard gates.
Track record partnering with engineering leader
Benefits
Paid time off
Additional Information
Our world is transforming, and PTC is leading the way. Our software brings the physical and digital worlds together, enabling companies to improve operations, create better products, and empower people in all aspects of their business.
Our people make all the difference in our success. Today, we are a global team of nearly 7,000 and our main objective is to create opportunities for our team members to explore, learn, and grow - all while seeing their ideas come to life and celebrating the differences that make us who we are and the work we do possible.
The Senior Director, SaaS, Cloud & Product Security is a senior security leader responsible for defining and executing the product security strategy across our SaaS platforms, cloud infrastructure, and customer-facing software products. The role partners closely with Engineering, Product Management, SRE/Platform, and GRC/Compliance to embed security into architecture, design, development, deployment, and runtime operations-driving measurable risk reduction while enabling product velocity. This leader builds and scales a high-performing organization that serves as trusted security advisors to product and platform teams, influencing roadmaps and ensuring accountability for remediation of material risks.
Ptc · US