Job Description
Company: Aspen Technology, Inc.
Location: Bedford, US
Role Overview
Under the direction of the VP of Product Security, the Principal Security Engineer plays a key role in the day‑to‑day operations of Product Security at Aspen Technology. The role protects clients, enables teams to deliver secure development, and positions the organization for future security needs.
Responsibilities
• Develop threat models and conduct risk assessments.
• Review alignment of standard controls to mitigate risks in products.
• Oversee vulnerability tracking, triage, and vulnerability management.
• Ensure security documentation and compliance with security lifecycle activities for product releases.
• Support compliance documents, secure patch releases, security incidents, and security communications.
• Participate in the security champion program and product security verification/validation activities.
• Administer product security practices to product teams, technology, and security champions across the organization.
• Monitor industry threats, standards, regulations, and security bulletins.
• Evaluate vulnerability impact and formulate risk mitigation plans.
• Serve on the AspenTech Security Emergency Response Team (ASERT) providing expert analysis of customer‑reported incidents.
• Collaborate with product teams, technology teams, client support, and customer contacts during incidents.
• Perform after‑hours or weekend tasks when necessary.
Qualifications
• Bachelor’s degree in computer science or related field (or equivalent experience) from an accredited college or university.
• 5+ years of experience in an information security role or with security and development teams.
• Experience with application/product security, risk assessment, threat modeling, secure architecture/design, and security scanning.
• Demonstrated ability to plan, design, develop, deploy, and maintain application security best practices.
• Knowledge of information security regulatory requirements (privacy, secure-by-design, defense-in-depth).
• Understanding of ISO27002, NIST, and other security frameworks and regulations.
• Experience with cloud solutions such as Azure and AWS, including security policy, procedures, and cloud security models.
• Ability to work with minimal supervision, build consensus through negotiation and diplomacy, and collaborate across all organizational levels.
• Preferred exposure to IEC62443‑4‑1, IEC62443‑4‑2, NIST800‑53, ISO27001, ISO27002, CSA, CISA, SANS, OWASP, CWE25, ethical hacking, AI security best practices, CISSP, CISA, CCSP, CSSLP, CEH, GIAC certifications.
• Preferred knowledge of static and dynamic application security testing (SAST, DAST), software composition analysis (SCA), and application security best practices such as web security, cloud security, pen testing, fuzz testing, and coding guidelines.
• Experience in Agile, RUP, CI/CD, DevSecOps, and security architecture/design principles (STRIDE, DREAD, CVSS).
Salary and Benefits
The salary range for this role is $120,900.00 – $151,100.00. This range represents the projected base compensation for this role at the time of posting. The role may also be eligible for bonus or variable incentive pay. Comprehensive benefits include paid time off, charitable giveback days, medical/dental/vision insurance, and retirement benefits.
Equal Opportunity Statement
AspenTech is an Equal Opportunity/Affirmative Action employer and does not discriminate on the basis of age, race, color, religion, creed, ancestry, sex, gender identity, sexual orientation, pregnancy, marital status, familial status, or national origin. Reasonable accommodations are provided for qualified individuals with disabilities or religious needs. Applicants may request accommodations by contacting .
Source: Jobrapido