PTC
Overview
Principal SaaS Security Engineer - Hybrid - Boston. Onshape is a next-generation, global Software-as-a-Service (SaaS) product development platform. The role focuses on security operations and continuous monitoring of our commercial and US government cloud environments, with emphasis on FedRAMP Moderate, ITAR/EAR requirements, and NIST SP 800-53 controls. Key Responsibilities
Continuous Monitoring and Compliance: Lead the planning, implementation, and reporting of all FedRAMP continuous monitoring (ConMon) activities. Manage and submit monthly ConMon deliverables, including vulnerability scan results, Plan of Action and Milestones (POA&M) updates, and incident reports to the FedRAMP PMO, agency sponsor, and internal stakeholders. Ensure all documentation, such as the System Security Plan (SSP), is kept up-to-date and accurately reflects the current security posture. Security Engineering and Automation: Evaluate, deploy, and configure security tools and services in a large-scale, public cloud environment (100% AWS) to deliver a FedRAMP Moderate compliant service. Develop and manage defensive security tool rules, alerts, and dashboards to proactively detect threats and anomalies. Incident Response: Serve as a senior responder for security incidents within the FedRAMP authorization boundary. Lead incident response efforts, from initial triage and containment to mitigation and recovery. Ensure all incidents are reported in accordance with FedRAMP Incident Communications Procedures. Conduct post-mortem analysis of security incidents to identify root causes, implement defensive measures, and improve the incident response process. Threat and Vulnerability Management: Oversee comprehensive vulnerability management, including authenticated and unauthenticated scanning of systems, databases, containers, and web applications. Track and manage the remediation of vulnerabilities according to FedRAMP timeliness requirements (e.g., High-risk findings within 30 days). Implement and manage Intrusion Detection/Prevention Systems (IDPS) and host-based security systems to protect the system boundary and monitor for threats. Collaboration and Team Player: Act as a technical leader, mentoring junior engineers and promoting security best practices across engineering and operations teams. Collaborate with 3PAOs during annual assessments and audit readiness activities. Partner with other technical stakeholders to provide security expertise and ensure solutions align with compliance requirements. Required Qualifications
7-10 years of hands-on professional experience in security operations, security engineering, or a related field. US Citizen for security clearance requirements for FedRAMP. Experience with US federal compliance frameworks, specifically FedRAMP Moderate, ITAR and NIST SP 800-53 controls. Proven expertise with cloud security services (e.g., AWS IAM, GuardDuty, Security Hub). Extensive experience with SIEM platforms (e.g., SumoLogic, OpenSearch) for log analysis, alerting, and security monitoring. Strong knowledge of threat detection and incident response methodologies. Experience with vulnerability scanning tools (e.g., Wiz, CrowdStrike), triaging results, and managing remediation. Strong written communication skills, with the ability to articulate technical concepts to both technical and non-technical audiences. Security certifications are a plus (e.g., CISSP, GSEC, CEH). Ability to commute to the Seaport office 1-2 days a week. Work Environment
The candidate may be required to participate in an on-call rotation to respond to security incidents. The SecOps Engineer position will be a member of the Onshape Technical Operations team within Onshape Engineering, collaborating with other teams to deliver a reliable, secure service. PTC is an Equal Opportunity Employer and values diverse identities, cultures, and perspectives. Equal Opportunity and Privacy
PTC is committed to handling Personal Information responsibly and in accordance with all applicable privacy and data protection laws. Review our Privacy Policy here.
#J-18808-Ljbffr
Principal SaaS Security Engineer - Hybrid - Boston. Onshape is a next-generation, global Software-as-a-Service (SaaS) product development platform. The role focuses on security operations and continuous monitoring of our commercial and US government cloud environments, with emphasis on FedRAMP Moderate, ITAR/EAR requirements, and NIST SP 800-53 controls. Key Responsibilities
Continuous Monitoring and Compliance: Lead the planning, implementation, and reporting of all FedRAMP continuous monitoring (ConMon) activities. Manage and submit monthly ConMon deliverables, including vulnerability scan results, Plan of Action and Milestones (POA&M) updates, and incident reports to the FedRAMP PMO, agency sponsor, and internal stakeholders. Ensure all documentation, such as the System Security Plan (SSP), is kept up-to-date and accurately reflects the current security posture. Security Engineering and Automation: Evaluate, deploy, and configure security tools and services in a large-scale, public cloud environment (100% AWS) to deliver a FedRAMP Moderate compliant service. Develop and manage defensive security tool rules, alerts, and dashboards to proactively detect threats and anomalies. Incident Response: Serve as a senior responder for security incidents within the FedRAMP authorization boundary. Lead incident response efforts, from initial triage and containment to mitigation and recovery. Ensure all incidents are reported in accordance with FedRAMP Incident Communications Procedures. Conduct post-mortem analysis of security incidents to identify root causes, implement defensive measures, and improve the incident response process. Threat and Vulnerability Management: Oversee comprehensive vulnerability management, including authenticated and unauthenticated scanning of systems, databases, containers, and web applications. Track and manage the remediation of vulnerabilities according to FedRAMP timeliness requirements (e.g., High-risk findings within 30 days). Implement and manage Intrusion Detection/Prevention Systems (IDPS) and host-based security systems to protect the system boundary and monitor for threats. Collaboration and Team Player: Act as a technical leader, mentoring junior engineers and promoting security best practices across engineering and operations teams. Collaborate with 3PAOs during annual assessments and audit readiness activities. Partner with other technical stakeholders to provide security expertise and ensure solutions align with compliance requirements. Required Qualifications
7-10 years of hands-on professional experience in security operations, security engineering, or a related field. US Citizen for security clearance requirements for FedRAMP. Experience with US federal compliance frameworks, specifically FedRAMP Moderate, ITAR and NIST SP 800-53 controls. Proven expertise with cloud security services (e.g., AWS IAM, GuardDuty, Security Hub). Extensive experience with SIEM platforms (e.g., SumoLogic, OpenSearch) for log analysis, alerting, and security monitoring. Strong knowledge of threat detection and incident response methodologies. Experience with vulnerability scanning tools (e.g., Wiz, CrowdStrike), triaging results, and managing remediation. Strong written communication skills, with the ability to articulate technical concepts to both technical and non-technical audiences. Security certifications are a plus (e.g., CISSP, GSEC, CEH). Ability to commute to the Seaport office 1-2 days a week. Work Environment
The candidate may be required to participate in an on-call rotation to respond to security incidents. The SecOps Engineer position will be a member of the Onshape Technical Operations team within Onshape Engineering, collaborating with other teams to deliver a reliable, secure service. PTC is an Equal Opportunity Employer and values diverse identities, cultures, and perspectives. Equal Opportunity and Privacy
PTC is committed to handling Personal Information responsibly and in accordance with all applicable privacy and data protection laws. Review our Privacy Policy here.
#J-18808-Ljbffr