Principal Product Security Engineer jobs in United States

Aspen Technology · 1 day ago

Principal Product Security Engineer

Aspen Technology is a company that values the passion and ambition of its employees. They are seeking a Principal Product Security Engineer who will be a key member of the Product Security team, responsible for protecting clients and enabling secure development practices. This role involves overseeing risk assessments, vulnerability tracking, and ensuring compliance with security lifecycle activities.

Industrial · Industrial Automation · Industrial Manufacturing · Manufacturing · Software · Supply Chain Management · Sustainability
H1B Sponsor Likely

Responsibilities

Responsible for supporting the design, implementation, and oversight of the Product Secure Development Lifecycle, including aspects such as security requirements, secure architecture/design, risk assessment, threat models, security scanning, triage and vulnerability management, and product security validation/verification
Administers product security practices to product teams, technology, and security champions across the organization
Drive Product Security efforts to resolve challenges, enable automation, and impact organization security culture
Monitors information security best practices, standards, regulations, industry threats and risks for improvements to product security practices
Maintains a deep understanding of current issues in the realm of information security. Subscribes to major industry newsgroups and mailing lists and assesses the impact of all emerging issues on systems and practices at Aspen Technology
Monitors security bulletins and alerts from all Aspen Technology’s information system vendors. Evaluates vulnerability impact and formulates and executes risk mitigation plans for product security
Member of the AspenTech Security Emergency Response Team (ASERT), providing expert analysis of customer-reported security incidents. Works with information resource owners during and after security incidents; works with product teams for analysis; recommends best practices and solutions. Where appropriate, works with product teams, technology teams, client support and customer contacts
Occasional after-hours and weekend work to perform tasks that cannot be done during business hours

Qualification

Application/Product Security · Risk Assessment · Threat Models · Secure Architecture/Design · Security Scanning · Cloud Security · ISO27002 · NIST · CISSP · Soft Skills

Required

Bachelor's degree (B.A./B.S.) or equivalent in computer science or technical equivalent discipline from an accredited college or university required
8+ years of experience in IT required
5+ years of experience in an information security role or experience with security and development teams
Knowledge of information security regulatory requirements for privacy, secure by design, and defense in depth
Maintains broad understanding of information security including ISO27002, NIST and other information security frameworks and regulations
Experience with Application/Product Security, Risk Assessment, Threat Models, Secure Architecture/Design, and Security Scanning (SAST, DAST, SCA, cloud security configuration scanning)
Experience with cloud solutions such as Azure and AWS - Experience with security policy, procedures, tools, services, and cloud security models
Demonstrated ability to plan, design, develop, deploy, and maintain application security best practices
Ability to assume high levels of responsibility and to work with a minimum of day-to-day supervision
Ability to cooperatively and effectively work with people from all organizational levels and build consensus through negotiation and diplomacy

Preferred

Preferable exposure to the following: IEC 62443-4-1, IEC 62443-4-2, NIST 800-53, ISO 27001, ISO 27002, Cloud Security Alliance (CSA), Cybersecurity and Infrastructure Security Agency (CISA), SANS, OWASP, CWE 25, ethical hacking, and AI Security best practices
Desired domain knowledge and/or certification: CISSP, CISA, CCSP, CSSLP, CEH, SANS GIAC, security certification from AWS or Azure
Desired knowledge of the following Technologies: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA)
Experience with Application Security Best Practices such as web security, cloud security, pen testing, fuzz testing, security coding guidelines, security architecture/design principles, CVSS, STRIDE, DREAD
Experience with Application development technologies, processes, and best practices. For example: Agile, RUP, CICD, DevSecOps

Benefits

Paid time off
Charitable giveback day
Medical/dental/vision insurance
Retirement benefits

Company

Aspen Technology

Aspen Technology is a global leader in industrial software.

H1B Sponsorship

Aspen Technology has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
Trends of Total Sponsorships
2022 (31)
2021 (32)
2020 (45)

Funding

Current Stage
Public Company
Total Funding
$7.3B
Key Investors
Emerson
2025-01-27 · Post-IPO Secondary · $7.2B
2025-01-27 · Acquired
2003-08-19 · Post-IPO Debt · $100M

Leadership Team

David Baker
Senior Vice President, CFO
Company data provided by crunchbase