Principal SaaS Security Engineer

Pilot Thomas Logistics, Boston, MA
5d

About The Position

Our world is transforming, and PTC is leading the way. Our software brings the physical and digital worlds together, enabling companies to improve operations, create better products, and empower people in all aspects of their business. Our people make all the difference in our success. Today, we are a global team of nearly 7,000 and our main objective is to create opportunities for our team members to explore, learn, and grow – all while seeing their ideas come to life and celebrating the differences that make us who we are and the work we do possible.

Principal Security Engineer-SaaS JR110938

Onshape is a next-generation, global Software-as-a-Service (SaaS) product development platform that helps businesses of all sizes modernize and accelerate their design and manufacturing processes. The cloud-native platform is the only all-in-one system that combines robust computer-aided design (CAD) with powerful data management and collaboration tools. Onshape helps extended design teams work together faster from any location and helps executives make better decisions with real-time business analytics and unprecedented visibility into their company’s operations.

We are seeking a Principal Security Engineer-SaaS to lead the design, implementation, and continuous improvement of security for our cloud-native SaaS platform. This role is deeply technical and hands-on, focused on threat detection, vulnerability management, secure architecture, and SecOps integration. Compliance knowledge (e.g., FedRAMP, NIST) is a plus but secondary to strong security engineering expertise.

Requirements

  • 8+ years in security engineering, with at least 3 years in SaaS or cloud-native environments (DevSecOps).
  • Deep expertise in AWS security services (IAM, KMS, Security Hub, GuardDuty).
  • Strong background in vulnerability management, SIEM tools (Splunk, OpenSearch), and automation scripting (Terraform, Ansible, Python).
  • Experience with container security and orchestration (Docker, Kubernetes).
  • Experience securing Linux deployments.

Nice To Haves

  • Working knowledge of FedRAMP, NIST SP 800-53, or similar compliance processes.
  • Relevant certifications: CISSP, CCSP, AWS Security Specialty.

Responsibilities

  • Secure Architecture & Design: Architect and implement security controls for multi-tenant SaaS environments for both commercial and US federal customers.
  • Harden cloud infrastructure (AWS preferred) and enforce least-privilege IAM policies.
  • Integrate encryption and key management solutions for data at rest and in transit.
  • Threat Detection & Incident Response: Configure and monitor security tools like Wiz and CrowdStrike.
  • Guide remediation efforts.
  • Develop and maintain SIEM rules and dashboards for real-time threat monitoring.
  • Lead incident response efforts, including root cause analysis and remediation.
  • Vulnerability Management: Own vulnerability scanning, prioritization, and remediation across services.
  • Tune automated scanning in CI/CD pipelines using tools like Black Duck or Checkmarx.
  • DevSecOps & Automation: Build scripts and automation for security posture validation and drift detection.
  • Collaboration & Leadership: Partner with engineering teams to integrate security best practices early in development.
  • Mentor junior engineers and advocate for secure coding principles.

Benefits

  • Eligible employees also have the opportunity to become a PTC shareholder through our employee share purchase program (ESPP), which allows for the purchase of discounted PTC stock.
  • Employees may be eligible for medical, dental and vision insurance, paid time off and sick leave, tuition reimbursement, 401(k) contributions and employer match, flexible spending accounts, life insurance, disability coverage and, if you are an office-assigned employee, a generous commuter subsidy.