Experience integrating security controls into CI/CD pipelines (DevSecOps).
Familiarity with container and Kubernetes security .
Knowledge of OAuth 2.0, OpenID Connect (OIDC), JWT , and identity/security patterns.
Experience with Infrastructure as Code (IaC) security (Terraform, CloudFormation, ARM).
Experience working in regulated or compliance-driven environments .
Familiarity with ISO 27001, SOC 2, NIST, or FedRAMP frameworks.
Security certifications such as GWAPT, OSWE, CSSLP, CISSP, or CCSP .
Benefits
Performance bonus
Additional Information
Our world is transforming, and PTC is leading the way. Our software brings the physical and digital worlds together, enabling companies to improve operations, create better products, and empower people in all aspects of their business.
Our people make all the difference in our success. Today, we are a global team of nearly 7,000 and our main objective is to create opportunities for our team members to explore, learn, and grow - all while seeing their ideas come to life and celebrating the differences that make us who we are and the work we do possible.
PTC enables global manufacturers to realize double-digit impact with software solutions that enable them to accelerate product and service innovation, improve operational efficiency, and increase workforce productivity. In combination with an extensive partner network, PTC provides customers flexibility in how its technology can be deployed to drive digital transformation - on premises, in the cloud, or via its pure SaaS platform. At PTC, we don't just imagine a better world, we enable it.
Staff Product Security Engineer
You'll be responsible for helping secure PTC by providing cyber security expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure our SaaS applications, containers, operating systems, databases, and networks. Additionally, the Security Engineer assists in the development of cyber security requirements, conducts security risk assessments, evaluates security services and technologies, and reviews and documents information security policies and procedures as well as provides monitoring and oversight for alerts in this environment.
Our SaaS Security Team is small but growing. So, we all do what it takes and use all the skills in our personal arsenals to continue to evolve PTC's SaaS Security posture. Our environment is fast, friendly, and dynamic.
Day-To-Day:
Serves as a subject matter expert (SME) on Information Security.
Identify and implement new security technologies and best practices.
Review security test results from vulnerability scans, penetration testing for true positives and propose appropriate remediation measures or mitigation controls.
Reduce time-to-detect and time-to-remediate by driving the automation of applied threat intelligence and sensor enrichment.
Guide and influence multi-disciplinary teams in implementing and operating Cyber Security controls.
Consults with internal teams on engineering designs and development of cloud-based systems to ensure security is built-in.
Learns with agility; empowered to update and enhance current security practices, tooling, and documentation.
Ptc · Remote