22 hours ago

Staff Product Security Engineer

PTC

Hybrid
Full Time
$130,000

Job Overview

Job Title: Staff Product Security Engineer
Job Type: Full Time
Offered Salary: $130,000
Location: Hybrid

Job Description

About PTC

Our world is transforming, and PTC is leading the way. Our software brings the physical and digital worlds together, enabling companies to improve operations, create better products, and empower people in all aspects of their business. Our people make all the difference in our success. Today, we are a global team of nearly 7,000 and our main objective is to create opportunities for our team members to explore, learn, and grow – all while seeing their ideas come to life and celebrating the differences that make us who we are and the work we do possible. PTC enables global manufacturers to realize double-digit impact with software solutions that enable them to accelerate product and service innovation, improve operational efficiency, and increase workforce productivity. In combination with an extensive partner network, PTC provides customers flexibility in how its technology can be deployed to drive digital transformation – on premises, in the cloud, or via its pure SaaS platform. At PTC, we don't just imagine a better world, we enable it.

About the Role: Staff Product Security Engineer

As a Staff Product Security Engineer, you will be instrumental in securing PTC by providing cyber security expertise across various domains. This includes the analysis, assessment, development, and evaluation of security solutions and architectures to protect our SaaS applications, containers, operating systems, databases, and networks. Additionally, you will contribute to developing cyber security requirements, conducting security risk assessments, evaluating security services and technologies, and reviewing and documenting information security policies and procedures. You will also provide monitoring and oversight for security alerts within this environment.

The SaaS Security Team

Our SaaS Security Team is a small but rapidly growing unit where every member utilizes their full skillset to continually evolve PTC’s SaaS Security posture. Our environment is characterized by its fast-paced, friendly, and dynamic nature, fostering collaboration and innovation.

Day-To-Day Responsibilities:

  • Serve as a subject matter expert (SME) on Information Security.
  • Identify and implement new security technologies and best practices.
  • Review security test results from vulnerability scans and penetration testing for true positives, and propose appropriate remediation measures or mitigation controls.
  • Reduce time-to-detect and time-to-remediate by driving the automation of applied threat intelligence and sensor enrichment.
  • Guide and influence multi-disciplinary teams in implementing and operating Cyber Security controls.
  • Consult with internal teams on engineering designs and development of cloud-based systems to ensure security is built-in.
  • Learn with agility; empowered to update and enhance current security practices, tooling, and documentation.

Required Qualifications:

  • US Citizen or Green Card holder based in the US required to meet ITAR Compliance and regulatory requirements.
  • Bachelor's degree in Computer Science, Information Security, Engineering, or an equivalent combination of practical experience.
  • 5+ years of experience in Application Security, Product Security, or Software Security Engineering.
  • Strong knowledge of Secure Software Development Lifecycle (SSDLC) practices.
  • Hands-on experience with threat modeling, secure design reviews, and application security assessments.
  • In-depth understanding of OWASP Top 10 and OWASP API Top 10.
  • Experience using SAST, DAST, SCA, and secrets scanning tools and integrating them in CI/CD.
  • Proficiency in at least one programming language: Java, Python, JavaScript/TypeScript, or Go.
  • Experience securing mobile applications, including offline data and sync workflows.
  • Experience securing REST and event-driven APIs used by customers, partners, and internal services.
  • Exposure to AI/ML security, responsible AI practices, or model risk management.
  • Strong understanding of cloud platforms (AWS, Azure, or GCP).
  • Strong written and verbal communication skills with the ability to partner effectively with engineering and product teams.

Preferred Qualifications:

  • Experience securing Salesforce-based applications (Apex, Lightning, Salesforce security model).
  • Experience integrating security controls into CI/CD pipelines (DevSecOps).
  • Familiarity with container and Kubernetes security.
  • Knowledge of OAuth 2.0, OpenID Connect (OIDC), JWT, and identity/security patterns.
  • Experience with Infrastructure as Code (IaC) security (Terraform, CloudFormation, ARM).
  • Experience working in regulated or compliance-driven environments.
  • Familiarity with ISO 27001, SOC 2, NIST, or FedRAMP frameworks.
  • Security certifications such as GWAPT, OSWE, CSSLP, CISSP, or CCSP.

Compensation and Benefits:

PTC offers an anticipated annual salary range of $105,000 - $155,000, which reflects a good-faith estimate at the time of posting and may vary based on skills, qualifications, experience, and location. Candidates may also be eligible for a performance-based bonus and the employee share purchase program (ESPP) for discounted PTC stock. Depending on the role, participation in equity programs may also be available. Comprehensive benefits include medical, dental, and vision insurance, paid time off, sick leave, tuition reimbursement, 401(k) contributions with employer match, flexible spending accounts, life insurance, disability coverage, and a generous commuter subsidy for office-assigned employees. All total rewards and benefits are subject to applicable plan eligibility and terms.

Equal Opportunity Employer and Accessibility:

At PTC, diversity and inclusion are highly valued. We are an Equal Opportunity Employer, welcoming applicants from all backgrounds without regard to race, national origin, religion, age, color, ethnicity, ancestry, marital status, sex (including pregnancy), sexual orientation, gender identity, gender expression, genetic information, disability, veteran status, or any other characteristic protected by law. PTC is committed to making its careers website accessible. For assistance with accessibility or completing the application process, please contact PTC's Talent Acquisition team at TalentAcquisition@ptc.com (for accommodation requests only).

Life at PTC:

Life at PTC extends beyond working with cutting-edge technologies. It's about contributing your authentic self and collaborating with talented industry leaders to transform the world. If you're passionate about problem-solving through innovation, you'll find the PTC experience rewarding. We respect individual privacy rights; review our Privacy Policy for more information.

Key skills/competency

  • Application Security
  • Secure SDLC
  • Threat Modeling
  • Vulnerability Management
  • Cloud Security
  • DevSecOps
  • API Security
  • Mobile Security
  • Security Automation
  • Compliance Frameworks

Tags:

Product Security Engineer
Application Security
Secure SDLC
Threat Modeling
Vulnerability Management
Security Architecture
Cloud Security
DevSecOps
API Security
Mobile Security
Security Automation
SAST
DAST
SCA
AWS
Azure
GCP
Java
Python
Kubernetes
Terraform

How to Get Hired at PTC

  • Research PTC's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Customize your resume: Highlight extensive experience in application security, SSDLC, and cloud platforms relevant to PTC.
  • Showcase your technical skills: Emphasize hands-on experience with SAST/DAST, programming (Java/Python), and OWASP Top 10 mastery.
  • Prepare for security architecture questions: Discuss secure design principles, threat modeling methodologies, and CI/CD security integration.
  • Demonstrate passion for cybersecurity: Share relevant projects, certifications like CISSP, and proactive learning initiatives.
