PTC · 12 hours ago
Staff Product Security Engineer
PTC is a global leader in software solutions that bridge the physical and digital worlds, aiming to enhance operations and innovation for manufacturers. They are seeking a Staff Product Security Engineer to provide cybersecurity expertise for securing SaaS applications and to assist in developing security requirements and conducting risk assessments.
Computer Software
Responsibilities
Serve as a subject matter expert (SME) on Information Security
Identify and implement new security technologies and best practices
Review security test results from vulnerability scans and penetration testing for true positives, and propose appropriate remediation measures or mitigation controls
Reduce time-to-detect and time-to-remediate by driving the automation of applied threat intelligence and sensor enrichment
Guide and influence multi-disciplinary teams in implementing and operating Cyber Security controls
Consult with internal teams on engineering designs and development of cloud-based systems to ensure security is built in
Learn with agility; empowered to update and enhance current security practices, tooling, and documentation
Qualifications
Required
US Citizen or Green Card holder based in the US required to meet ITAR Compliance and regulatory requirements
Bachelor's degree in Computer Science, Information Security, Engineering, or an equivalent combination of practical experience
5+ years of experience in Application Security, Product Security, or Software Security Engineering
Strong knowledge of Secure Software Development Lifecycle (SSDLC) practices
Hands-on experience with threat modeling, secure design reviews, and application security assessments
In-depth understanding of OWASP Top 10 and OWASP API Top 10
Experience using SAST, DAST, SCA, and secrets scanning tools and integrating them in CI/CD
Proficiency in at least one programming language: Java, Python, JavaScript/TypeScript, or Go
Experience securing mobile applications, including offline data and sync workflows
Experience securing REST and event-driven APIs used by customers, partners, and internal services
Exposure to AI/ML security, responsible AI practices, or model risk management
Strong understanding of cloud platforms (AWS, Azure, or GCP)
Strong written and verbal communication skills with the ability to partner effectively with engineering and product teams
Preferred
Experience securing Salesforce-based applications (Apex, Lightning, Salesforce security model)
Experience integrating security controls into CI/CD pipelines (DevSecOps)
Familiarity with container and Kubernetes security
Knowledge of OAuth 2.0, OpenID Connect (OIDC), JWT, and identity/security patterns
Experience with Infrastructure as Code (IaC) security (Terraform, CloudFormation, ARM)
Experience working in regulated or compliance-driven environments
Familiarity with ISO 27001, SOC 2, NIST, or FedRAMP frameworks
Security certifications such as GWAPT, OSWE, CSSLP, CISSP, or CCSP
Benefits
Performance-based bonus
Employee share purchase program (ESPP)
Medical, dental and vision insurance
Paid time off and sick leave
Tuition reimbursement
401(k) contributions and employer match
Flexible spending accounts
Life insurance
Disability coverage
Generous commuter subsidy
Company
PTC
PTC (NASDAQ: PTC) unleashes industrial innovation with award-winning, market-proven solutions that enable companies to differentiate their products and services, improve operational excellence, and increase workforce productivity.
Funding
Current Stage
Late Stage
Leadership Team
Recent News
2025-10-03