PTC is a leading company transforming the physical and digital worlds through innovative software solutions. They are seeking a Staff Product Security Engineer responsible for providing cybersecurity expertise to secure SaaS applications, conduct security risk assessments, and develop security solutions and architectures.
Responsibilities:
- Serve as a subject matter expert (SME) on Information Security
- Identify and implement new security technologies and best practices
- Review security test results from vulnerability scans and penetration testing for true positives, and propose appropriate remediation measures or mitigation controls
- Reduce time-to-detect and time-to-remediate by driving the automation of applied threat intelligence and sensor enrichment
- Guide and influence multi-disciplinary teams in implementing and operating Cyber Security controls
- Consult with internal teams on engineering designs and development of cloud-based systems to ensure security is built in
- Learn with agility; empowered to update and enhance current security practices, tooling, and documentation
Requirements:
- US Citizen or Green Card holder based in the US required to meet ITAR Compliance and regulatory requirements
- Bachelor's degree in Computer Science, Information Security, Engineering, or an equivalent combination of practical experience
- 5+ years of experience in Application Security, Product Security, or Software Security Engineering
- Strong knowledge of Secure Software Development Lifecycle (SSDLC) practices
- Hands-on experience with threat modeling, secure design reviews, and application security assessments
- In-depth understanding of OWASP Top 10 and OWASP API Top 10
- Experience using SAST, DAST, SCA, and secrets scanning tools and integrating them in CI/CD
- Proficiency in at least one programming language: Java, Python, JavaScript/TypeScript, or Go
- Experience securing mobile applications, including offline data and sync workflows
- Experience securing REST and event-driven APIs used by customers, partners, and internal services
- Exposure to AI/ML security, responsible AI practices, or model risk management
- Strong understanding of cloud platforms (AWS, Azure, or GCP)
- Strong written and verbal communication skills with the ability to partner effectively with engineering and product teams
- Experience securing Salesforce-based applications (Apex, Lightning, Salesforce security model)
- Experience integrating security controls into CI/CD pipelines (DevSecOps)
- Familiarity with container and Kubernetes security
- Knowledge of OAuth 2.0, OpenID Connect (OIDC), JWT, and identity/security patterns
- Experience with Infrastructure as Code (IaC) security (Terraform, CloudFormation, ARM)
- Experience working in regulated or compliance-driven environments
- Familiarity with ISO 27001, SOC 2, NIST, or FedRAMP frameworks
- Security certifications such as GWAPT, OSWE, CSSLP, CISSP, or CCSP