Staff Product Security Engineer

Our world is transforming, and PTC is leading the way. Our software brings the physical and digital worlds together, enabling companies to improve operations, create better products, and empower people in all aspects of their business. 

Our people make all the difference in our success. Today, we are a global team of nearly 7,000 and our main objective is to create opportunities for our team members to explore, learn, and grow – all while seeing their ideas come to life and celebrating the differences that make us who we are and the work we do possible.  

PTC enables global manufacturers to realize double-digit impact with software solutions that enable them to accelerate product and service innovation, improve operational efficiency, and increase workforce productivity. In combination with an extensive partner network, PTC provides customers flexibility in how its technology can be deployed to drive digital transformation – on premises, in the cloud, or via its pure SaaS platform. At PTC, we don't just imagine a better world, we enable it.

Staff Product Security Engineer

You’ll be responsible for helping secure PTC by providing cyber security expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure our SaaS applications, containers, operating systems, databases, and networks. Additionally, the Security Engineer assists in the development of cyber security requirements, conducts security risk assessments, evaluates security services and technologies, and reviews and documents information security policies and procedures as well as provides monitoring and oversight for alerts in this environment.

Our SaaS Security Team is small but growing.  So, we all do what it takes and use all the skills in our personal arsenals to continue to evolve PTC’s SaaS Security posture.  Our environment is fast, friendly, and dynamic. 

Day-To-Day:

• Serves as a subject matter expert (SME) on Information Security.

• Identify and implement new security technologies and best practices.

• Review security test results from vulnerability scans, penetration testing for true positives and propose appropriate remediation measures or mitigation controls.

• Reduce time-to-detect and time-to-remediate by driving the automation of applied threat intelligence and sensor enrichment.

• Guide and influence multi-disciplinary teams in implementing and operating Cyber Security controls.

• Consults with internal teams on engineering designs and development of cloud-based systems to ensure security is built-in.

• Learns with agility; empowered to update and enhance current security practices, tooling, and documentation.

Must Have

• US Citizen or Green Card holder based in the US required to meet ITAR Compliance and regulatory requirements.

• Bachelor's degree in computer science, Information Security, Engineering, or an equivalent combination of practical experience.

• 5+ years of experience in Application Security, Product Security, or Software Security Engineering.

• Strong knowledge of Secure Software Development Lifecycle (SSDLC) practices.

• Hands-on experience with threat modeling, secure design reviews, and application security assessments.

• In-depth understanding of OWASP Top 10 and OWASP API Top 10.

• Experience using SAST, DAST, SCA, and secrets scanning tools and integrating them in CI/CD.

• Proficiency in at least one programming language: Java, Python, JavaScript/TypeScript, or Go.

• Experience securing mobile applications, including offline data and sync workflows.

• Secure REST and event-driven APIs used by customers, partners, and internal services.

• Exposure to AI/ML security, responsible AI practices, or model risk management.

• Strong understanding of cloud platforms (AWS, Azure, or GCP).

• Strong written and verbal communication skills with the ability to partner effectively with engineering and product teams.

Nice to Have

• Experience securing Salesforce-based applications (Apex, Lightning, Salesforce security model).

• Experience integrating security controls into CI/CD pipelines (DevSecOps).

• Familiarity with container and Kubernetes security.

• Knowledge of OAuth 2.0, OpenID Connect (OIDC), JWT, and identity/security patterns.

• Experience with Infrastructure as Code (IaC) security (Terraform, CloudFormation, ARM).

• Experience working in regulated or compliance-driven environments.

• Familiarity with ISO 27001, SOC 2, NIST, or FedRAMP frameworks.

• Security certifications such as GWAPT, OSWE, CSSLP, CISSP, or CCSP.

At PTC, we believe in the power of diverse ideas and perspectives. As a global company that values and respects all identities, cultures, and perspectives, we strive to create an inclusive PTC for ALL through an environment where everyone feels like they belong and are empowered to bring their true, authentic selves to work. Proud to be an Equal Opportunity Employer, we welcome applicants from all backgrounds and hire without regard to race, national origin, religion, age, color, ethnicity, ancestry, marital status, sex (including pregnancy), sexual orientation, gender identity, gender expression, genetic information, disability, veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

PTC endeavors to make ptc.com/careers accessible to all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact PTC's Talent Acquisition team at [email protected]. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

Life at PTC is about more than working with today’s most cutting-edge technologies to transform the physical world. It’s about showing up as you are and working alongside some of today’s most talented industry leaders to transform the world around you. 

If you share our passion for problem-solving through innovation, you’ll likely become just as passionate about the PTC experience as we are. Are you ready to explore your next career move with us?

We respect the privacy rights of individuals and are committed to handling Personal Information responsibly and in accordance with all applicable privacy and data protection laws. Review our Privacy Policy here."