Senior Director - SaaS, Cloud & Product Security

About The Position

Requirements

• AI-first approach to securing securing SaaS and cloud-native architectures (multi-tenancy, microservices, containers/Kubernetes, service meshes, CI/CD, infrastructure-as-code).
• Strong application & product security fundamentals (secure design, threat modeling, secure coding patterns, API security, authn/authz, cryptography, secrets management).
• Fluency with secure development frameworks and maturity models (e.g., NIST SSDF practice groups and outcomes; metrics-driven improvement).
• Strong stakeholder influence at senior levels—able to navigate ambiguity and drive alignment across Product, Engineering, Platform/SRE, and Compliance.
• 10+ years in security engineering and/or product security, with significant experience in cloud and SaaS environments.
• 5+ years leading managers and/or multiple teams, scaling security programs across multiple products or business units.
• Demonstrated success embedding security into engineering workflows (agile/DevOps) and improving release quality through automated testing and standard gates.
• Track record partnering with engineering leadership to influence architecture/roadmaps and drive remediation accountability.
• Experience supporting customer assurance and compliance obligations tied to secure development expectations (SSDF-aligned language helpful).
• Bachelor’s degree in Computer Science, Engineering, or equivalent practical experience.
• Proven people leadership experience building and scaling security teams.

Responsibilities

• Set strategy & operating model: Define and execute a multi-year product/security strategy and roadmap across AI, SaaS, cloud, and product lines; establish a durable operating rhythm.
• Lead the function: Operate, scale, and lead a product security organization (e.g., security architects, product security engineers, security champions enablement, AppSec tooling/program roles), including hiring, coaching, and performance management
• Embed security into the SDLC/DevSecOps: Ensure security is integrated into agile delivery through developer security training, design/architecture reviews, threat modeling, security user stories, automated security testing, penetration testing, and audit readiness.
• Architecture & design influence: Serve as a senior security advisor to engineering leadership; drive secure-by-design decisions for multi-tenant SaaS, APIs, identity, encryption, secrets, logging/monitoring, and tenant isolation.
• Secure SDLC governance & standards: Own or co-own secure development policies/standards, release security criteria, and “definition of done” expectations (e.g., required SAST/DAST/SCA gates; pre-release validation).
• Supply chain & third-party security: Define requirements for OSS and third-party components, including provenance, vulnerability monitoring, and secure acquisition/maintenance practices.
• Metrics & continuous improvement: Establish measurable outcomes and reporting frameworks to track program effectiveness (risk reduction, coverage, remediation speed, escaped defects, incident trends) and guide investment decisions.
• Cross-functional partnership: Partner with product engineering groups as trusted security counterparts across architecture, design, deployment, and runtime operations; influence backlogs and roadmaps without slowing delivery.
• Customer & regulatory assurance: Support customer security reviews, attestations, and compliance-driven requirements by translating expectations into practical engineering controls and evidence.

Benefits

• Employees also have the opportunity to become a PTC shareholder through our employee share purchase program (ESPP), which allows for the purchase of discounted PTC stock.
• Employees may be eligible for medical, dental and vision insurance, paid time off and sick leave, tuition reimbursement, 401(k) contributions and employer match, flexible spending accounts, life insurance, disability coverage and, if you are an office-assigned employee, a generous commuter subsidy.