Product Security Engineer jobs in United States
cer-icon
Apply on Employer Site
company-logo

Aspen Technology · 2 days ago

Product Security Engineer

positionBedford, MA
timeFull-time
remoteOnsite
seniorityEntry, Mid Level
money$82K/yr - $102K/yr
date1+ years exp

Aspen Technology is a company that values innovation and community, seeking to enhance its operations through the role of a Product Security Engineer. This role involves overseeing product security practices, driving risk assessments, and collaborating with development teams to ensure secure development processes.

IndustrialIndustrial AutomationIndustrial ManufacturingManufacturingSoftwareSupply Chain ManagementSustainability
badNo H1BnoteU.S. Citizen Onlynote

Responsibilities

Responsible for supporting the design, implementation, and oversight of Product Secure Development Lifecycle. Including aspects such as security requirements, secure architecture/design, risk assessment, threat models, security scanning, triage, vulnerability management, security design reviews and product security validation/verification
Administers product security practices to product teams, technology, and security champions across the organization
Drive Product Security efforts to resolve challenges, enable automation, and impact organization security culture
Monitors information security best practices, standards, regulations, industry threats and risks for improvements to product security practices
Maintains a deep understanding of current issues in the realm of information security. Subscribes to major industry newsgroups and mailing lists and assesses the impact of all emerging issues on systems and practices at Aspen Technology
Monitors security bulletins and alerts from all Aspen Technology’s information system vendors. Evaluates vulnerability impact and formulates and executes risk mitigation plans for product security
Member of the AspenTech Security Emergency Response Team (ASERT) providing expert analysis of security customer reported security incidents. Works with information resource owners during and after security incidents; work with product teams for analysis; recommends best practices and solutions. Where appropriate, work with product teams, technology teams, client support and customer contacts
Occasionally after hours and weekends work to perform tasks that cannot be done during business hours

Qualification

Information SecurityRisk AssessmentThreat ModelsSecure Architecture/DesignCloud SecurityApplication SecurityComplianceVulnerability ManagementCISSPCISACCSPCSSLPCEHSANS GIACOWASPDevSecOpsSAFE/Agile

Required

Bachelor's degree (B.A./B.S.) or equivalent in computer science or technical equivalent discipline from an accredited college or university required
1-3 years of experience in IT required
1-3 years of experience in an information security role or experience with security and development teams
Knowledge of information security regulatory requirements for privacy, secure by design, secure by default and defense in depth
Maintains a broad understanding of information security including ISO27002, NIST 800 and information security frameworks and regulations
Demonstrated ability to plan, design, develop, deploy, and maintain application security best practices
Ability to assume high levels of responsibility and to work with a minimum of day-to-day supervision
Ability to cooperatively and effectively work with people from all organizational levels and build consensus through negotiation and diplomacy
Experience with Application development technologies, processes, and best practices. For example: SAFE/Agile, RUP, CICD, DevSecOps

Preferred

Desired experience with Application/Product Security, Risk Assessment, Threat Models, Secure Architecture/Design, compliance, and audit
Desired experience with cloud solutions such as Azure and AWS - Experience with security policy, procedures, tools, services, and cloud security models
Preferable exposure to the following: IEC 62443-4-1, IEC 62443-4-2, NIST 800-53, ISO 27001, ISO 27002, Cloud Security Alliance (CSA), Cybersecurity and Infrastructure Security Agency (CISA), SANS, OWASP, CWE 25, and AI Security best practices
Desired domain knowledge and/or certification: CISSP, CISA, CCSP, CSSLP, CEH, SANS GIAC, security certification from AWS or Azure
Desired knowledge of the following Technologies: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA)
Desired experience with Application Security Best Practices such as web security, cloud security, pen testing, fuzz testing, security coding guidelines, security architecture/design principles, CVSS, STRIDE, DREAD

Benefits

Paid time off
Charitable giveback day
Medical/dental/vision insurance
Retirement benefits

Company

Aspen Technology

twittertwittertwitter
company-logo
Aspen Technology is a global leader in industrial software.
dateFounded in 1981
location
Bedford, Massachusetts, USA
people-size1001-5000 employees
web-link
http://www.aspentech.com

Funding

Current Stage
Public Company
Total Funding
$7.3B
Key Investors
Emerson
2025-01-27Post Ipo Secondary· $7.2B
2025-01-27Acquired
2003-08-19Post Ipo Debt· $100M

Leadership Team

leader-logo
David Baker
Senior Vice President, CFO
linkedin

Recent News

Private Capital Journal
McRock Capital final closes governments-backed third fund
2026-01-07
BetaKit
McRock Capital closes $120 million in third fund, backing industrial software startups
2026-01-06
EIN Presswire
Industrial Automation and Control Systems Market Size to Reach USD 372.85 Billion by 2032: Share & Competitive Analysis
2025-11-28
Company data provided by crunchbase