Principal Product Security Engineer
Bedford, Massachusetts, United States of America
Full Time
2 hours ago
$120,900 - $151,100 USD
Visa Sponsor
Key skills
AWSAzureCloudRealmNegotiationCloud Security
About this role
Role Overview
- Responsible for supporting the design, implementation, and oversight of Product Secure Development Lifecycle.
- Including aspects such as security requirements, secure architecture/design, risk assessment, threat models, security scanning, triage and vulnerability management, and product security validation/verification.
- Administers product security practices to product teams, technology, and security champions across the organization.
- Drive Product Security efforts to resolve challenges, enable automation, and impact organization security culture.
- Monitors information security best practices, standards, regulations, industry threats and risks for improvements to product security practices.
- Maintains a deep understanding of current issues in the realm of information security.
- Evaluates vulnerability impact and formulates and executes risk mitigation plans for product security.
- Member of the AspenTech Security Emergency Response Team (ASERT) providing expert analysis of security customer reported security incidents.
- Works with information resource owners during and after security incidents; work with product teams for analysis; recommends best practices and solutions.
Requirements
- Bachelor’s degree (B.A./B.S.) or equivalent in computer science or technical equivalent discipline from an accredited college or university required.
- 8+ years of experience in IT required.
- 5+ years of experience in an information security role or experience with security and development teams.
- Knowledge of information security regulatory requirements for privacy, secure by design, and defense in depth.
- Maintains broad understanding of information security including ISO27002, NIST and other information security frameworks and regulations.
- Experience with Application/Product Security, Risk Assessment, Threat Models, Secure Architecture/Design, Security Scanning. (SAST, DAST, SCA, cloud security configuration scanning)
- Experience with cloud solutions such as Azure and AWS.
- Experience with security policy, procedures, tools, services, and cloud security models.
- Demonstrated ability to plan, design, develop, deploy, and maintain application security best practices.
- Ability to assume high levels of responsibility and to work with a minimum of day-to-day supervision.
- Ability to cooperatively and effectively work with people from all organizational levels and build consensus through negotiation and diplomacy.
Tech Stack
- AWS
- Azure
- Cloud
- Realm
Benefits
- Paid time off
- Charitable giveback day
- Medical/dental/vision insurance
- Retirement benefits