PTC
Overview
Principal SaaS Security Engineer

Onshape is a next-generation, global Software-as-a-Service (SaaS) product development platform that helps businesses modernize and accelerate their design and manufacturing processes. The cloud-native platform combines robust computer-aided design (CAD) with data management and collaboration tools. Onshape enables extended design teams to work together from any location and provides executives with real-time business analytics and visibility into operations.

As a Principal SaaS Security Engineer, you will be a subject matter expert responsible for security operations and continuous monitoring of our commercial and US government cloud environments. The government environment supports ITAR/EAR requirements and is pursuing a FedRAMP Moderate ATO. You will play a critical role in maintaining compliance with NIST SP 800-53 controls, driving incident response, and enhancing our security posture through automation, engineering best practices, and mentoring. This role requires deep technical expertise in cloud security and experience with US federal security and compliance frameworks.

Key Responsibilities
Continuous Monitoring and Compliance
- Lead the planning, implementation, and reporting of all FedRAMP continuous monitoring (ConMon) activities.
- Manage and submit monthly ConMon deliverables, including vulnerability scan results, Plan of Action and Milestones (POA&M) updates, and incident reports, to the FedRAMP Program Management Office (PMO), the agency sponsor, and internal stakeholders.
- Ensure all necessary documentation, such as the System Security Plan (SSP), is kept up to date and accurately reflects the current security posture.

Security Engineering and Automation
- Evaluate, deploy, and configure security tools and services in a large-scale public cloud environment (100% AWS) to deliver a FedRAMP Moderate compliant service.
- Develop and manage defensive security tool rules, alerts, and dashboards to proactively detect threats and anomalies.
- Serve as a senior responder for security incidents within the FedRAMP authorization boundary.
- Lead incident response efforts, from initial triage and containment through mitigation and recovery.
- Ensure all incidents are reported in accordance with the FedRAMP Incident Communications Procedures.
- Conduct post-mortem analysis of security incidents to identify root causes, implement defensive measures, and improve the incident response process.

Threat and Vulnerability Management
- Oversee comprehensive vulnerability management, including authenticated and unauthenticated scanning of systems, databases, containers, and web applications.
- Track and manage the remediation of vulnerabilities according to FedRAMP timeliness requirements (e.g., High-risk findings remediated within 30 days).
- Implement and manage Intrusion Detection/Prevention Systems (IDPS) and host-based security systems to protect the system boundary and monitor for threats.

Collaboration and Team Player
- Act as a technical leader, mentoring junior engineers and promoting security best practices across engineering and operations teams.
- Collaborate with 3PAOs (Third-Party Assessment Organizations) during annual assessments and audit readiness activities.
- Partner with other technical stakeholders to provide security expertise and ensure solutions align with compliance requirements.

Required Qualifications
- 7-10 years of hands-on professional experience in security operations, security engineering, or a related field.
- US citizenship, required to meet FedRAMP personnel security requirements.
- Experience with US federal compliance frameworks, specifically FedRAMP Moderate, ITAR, and NIST SP 800-53 controls.
- Proven expertise with cloud security services (e.g., AWS IAM, GuardDuty, Security Hub).
- Extensive experience with SIEM platforms (e.g., Sumo Logic, OpenSearch) for log analysis, alerting, and security monitoring.
- Strong knowledge of threat detection and incident response methodologies.
- Experience with vulnerability scanning tools (e.g., Wiz, CrowdStrike), triaging results, and managing remediation.
- Strong written communication skills, with the ability to articulate technical concepts to both technical and non-technical audiences.
- Security certifications are a plus (e.g., CISSP, GSEC, CEH).
- The candidate may be required to participate in an on-call rotation to respond to security incidents.

The Principal SaaS Security Engineer will be a member of the Onshape Technical Operations team, a primarily US-based operations, site reliability, compliance, and security team. The team is part of Onshape Engineering and works closely with other engineering teams to deliver a reliable, secure service to our customers.

PTC carefully considers a wide variety of factors when determining compensation. The anticipated annual salary range for this position is $118,000-165,000. The salary range reflects a good-faith estimate of compensation at the time of posting. Actual compensation may vary based on a candidate's skills, qualifications, experience, and location. Additionally, candidates may be eligible for a performance-based bonus. Employees also have the opportunity to become a PTC shareholder through our employee share purchase program (ESPP), which allows for the purchase of discounted PTC stock. Certain roles may also be eligible for participation in our equity programs.

Employees may be eligible for medical, dental, and vision insurance, paid time off and sick leave, tuition reimbursement, 401(k) contributions and employer match, flexible spending accounts, life insurance, disability coverage and, if you are an office-assigned employee, a generous commuter subsidy. All total rewards and benefits programs are subject to applicable plan eligibility. For more information about PTC's comprehensive benefits, please visit our Careers Page. Applications will be accepted on an ongoing basis.