Principal SaaS Security Engineer jobs in United States

PTC · 2 months ago

Principal SaaS Security Engineer

PTC is a global leader in transforming the physical and digital worlds through innovative software solutions. The Principal SaaS Security Engineer will be responsible for overseeing security operations, ensuring compliance with federal security frameworks, and enhancing the security posture of PTC's cloud environments.

Computer Software
Culture & Values
No H1B
Security Clearance Required
U.S. Citizen Only

Responsibilities

Lead the planning, implementation, and reporting of all FedRAMP continuous monitoring (ConMon) activities
Manage and submit monthly ConMon deliverables, including vulnerability scan results, Plan of Action and Milestones (POA&M) updates, and incident reports to the FedRAMP Program Management Office (PMO), agency sponsor, and internal stakeholders
Ensure all necessary documentation, such as the System Security Plan (SSP), is kept up-to-date and accurately reflects the current security posture
Evaluate, deploy, and configure security tools and services in a large-scale, public cloud environment (100% AWS) to deliver a FedRAMP Moderate compliant service
Develop and manage defensive security tool rules, alerts, and dashboards to proactively detect threats and anomalies
Serve as a senior responder for security incidents within the FedRAMP authorization boundary
Lead incident response efforts, from initial triage and containment to mitigation and recovery
Ensure all incidents are reported in accordance with FedRAMP Incident Communications Procedures
Conduct post-mortem analysis of security incidents to identify root causes, implement defensive measures, and improve the incident response process
Oversee comprehensive vulnerability management, including authenticated and unauthenticated scanning of systems, databases, containers, and web applications
Track and manage the remediation of vulnerabilities according to FedRAMP timeliness requirements (e.g., High-risk findings within 30 days)
Implement and manage Intrusion Detection/Prevention Systems (IDPS) and host-based security systems to protect the system boundary and monitor for threats
Act as a technical leader, mentoring junior engineers and promoting security best practices across engineering and operations teams
Collaborate with 3PAOs (Third-Party Assessment Organizations) during annual assessments and audit readiness activities
Partner with other technical stakeholders to provide security expertise and ensure solutions align with compliance requirements

Qualification

Cloud security, FedRAMP compliance, NIST SP 800-53, Incident response, Vulnerability management, AWS IAM, SIEM platforms, Security certifications, Communication, Mentoring

Required

7-10 years of hands-on professional experience in security operations, security engineering, or a related field
US citizenship, to meet security clearance requirements for FedRAMP
Experience with US federal compliance frameworks, specifically FedRAMP Moderate, ITAR and NIST SP 800-53 controls
Proven expertise with cloud security services (e.g., AWS IAM, GuardDuty, Security Hub)
Extensive experience with SIEM platforms (e.g., SumoLogic, OpenSearch) for log analysis, alerting, and security monitoring
Strong knowledge of threat detection and incident response methodologies
Experience with vulnerability scanning tools (e.g., Wiz, CrowdStrike), triaging results, and managing remediation
Strong written communication skills, with the ability to articulate technical concepts to both technical and non-technical audiences
Ability to commute to the Seaport office 1-2 days a week

Preferred

Security certifications are a plus (e.g., CISSP, GSEC, CEH)

Company

PTC (NASDAQ: PTC) unleashes industrial innovation with award-winning, market-proven solutions that enable companies to differentiate their products and services, improve operational excellence, and increase workforce productivity.

Funding

Current Stage
Late Stage

Leadership Team

Marcus Senior, PMP, CSM, MSP, and Lean Six-Sigma
Chief Executive Officer
Danny N. Poisson
TVP, Chief Technology Officer for Federal Aerospace & Defense
Company data provided by crunchbase