Principal SaaS Security Engineer

Our world is transforming, and PTC is leading the way. Our software brings the physical and digital worlds together, enabling companies to improve operations, create better products, and empower people in all aspects of their business. 

Our people make all the difference in our success. Today, we are a global team of nearly 7,000 and our main objective is to create opportunities for our team members to explore, learn, and grow – all while seeing their ideas come to life and celebrating the differences that make us who we are and the work we do possible.  

Principal Security Engineer-SaaS

JR110938

Onshape is a next-generation, global Software-as-a-Service (SaaS) product development platform that helps businesses of all sizes modernize and accelerate their design and manufacturing processes. The cloud-native platform is the only all-in-one system that combines robust computer-aided design (CAD) with powerful data management and collaboration tools. Onshape helps extended design teams work together faster from any location and helps executives make better decisions with real-time business analytics and unprecedented visibility into their company’s operations.

We are seeking a Principal Security Engineer-SaaS to lead the design, implementation, and continuous improvement of security for our cloud-native SaaS platform. This role is deeply technical and hands-on, focused on threat detection, vulnerability management, secure architecture, and SecOps integration. Compliance knowledge (e.g., FedRAMP, NIST) is a plus but secondary to strong security engineering expertise.

Key Responsibilities

• Secure Architecture & Design
  • Architect and implement security controls for multi-tenant SaaS environments for both commercial and US federal customers
  • Harden cloud infrastructure (AWS preferred) and enforce least-privilege IAM policies.
  • Integrate encryption and key management solutions for data at rest and in transit.
• Threat Detection & Incident Response
  • Configure and monitor security tools like Wiz and Crowdstrike. Guide remediation efforts.
  • Develop and maintain SIEM rules and dashboards for real-time threat monitoring.
  • Lead incident response efforts, including root cause analysis and remediation.
• Vulnerability Management
  • Own vulnerability scanning, prioritization, and remediation across services.
  • Tune automated scanning in CI/CD pipelines using tools like Black Duck, or Checkmarx.
• DevSecOps & Automation
  • Build scripts and automation for security posture validation and drift detection.
• Collaboration & Leadership
  • Partner with engineering teams to integrate security best practices early in development.
  • Mentor junior engineers and advocate for secure coding principles.

Required Qualifications

• 8+ years in security engineering, with at least 3 years in SaaS or cloud-native environments (DevSecOps).
• Deep expertise in AWS security services (IAM, KMS, Security Hub, GuardDuty).
• Strong background in vulnerability management, SIEM tools (Splunk, Opensearch), and automation scripting (Terraform, Ansible, Python).
• Experience with container security and orchestration (Docker, Kubernetes).
• Experience securing Linux deployments.

Nice-to-Have

• Working knowledge of FedRAMP, NIST SP 800-53, or similar compliance processes.
• Relevant certifications: CISSP, CCSP, AWS Security Specialty.

Why Join Us?

• Work on cutting-edge SaaS security challenges.
• Influence architecture and security strategy at scale.
• Collaborate with a team passionate about building secure, resilient systems.

Work Environment:

The candidate may be required to participate in an on-call rotation to respond to security incidents.

The SecOps Engineer position will be a member of the Onshape Technical Operations team. This is a primarily US-based operations, site reliability, compliance, and security team. The team is part of Onshape Engineering and works very closely with other teams in engineering to deliver a reliable, secure service to our customers.

At PTC, we believe in the power of diverse ideas and perspectives. As a global company that values and respects all identities, cultures, and perspectives, we strive to create an inclusive PTC for ALL through an environment where everyone feels like they belong and are empowered to bring their true, authentic selves to work. Proud to be an Equal Opportunity Employer, we welcome applicants from all backgrounds and hire without regard to race, national origin, religion, age, color, ethnicity, ancestry, marital status, sex (including pregnancy), sexual orientation, gender identity, gender expression, genetic information, disability, veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

PTC endeavors to make ptc.com/careers accessible to all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact PTC's Talent Acquisition team at [email protected]. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

Life at PTC is about more than working with today’s most cutting-edge technologies to transform the physical world. It’s about showing up as you are and working alongside some of today’s most talented industry leaders to transform the world around you. 

If you share our passion for problem-solving through innovation, you’ll likely become just as passionate about the PTC experience as we are. Are you ready to explore your next career move with us?

We respect the privacy rights of individuals and are committed to handling Personal Information responsibly and in accordance with all applicable privacy and data protection laws. Review our Privacy Policy here."