Job Description
Our world is transforming, and PTC is leading the way. Our software brings the physical and digital worlds together, enabling companies to improve operations, create better products, and empower people in all aspects of their business.
Our people make all the difference in our success. Today, we are a global team of nearly 7,000 and our main objective is to create opportunities for our team members to explore, learn, and grow – all while seeing their ideas come to life and celebrating the differences that make us who we are and the work we do possible.
Job Title: Principal Product Security Engineer
Role Overview
The Principal Product Security Engineer is a senior technical leader responsible for safeguarding the security of products and services across the full Software Development Lifecycle (SDLC), with a strong emphasis on hands‑on application penetration testing. This role combines deep offensive security expertise with architectural judgment, secure design guidance, and cross‑organizational influence.
As a principal‑level engineer, you will lead complex application security assessments across web applications, APIs, SaaS platforms, and emerging technologies (including AI‑driven solutions), while also shaping product security strategy, standards, and engineering practices. You will work closely with R&D, Product Management, Cloud, SaaS, and QA teams to ensure security is built in, not bolted on.
This role is highly technical, execution‑focused, and requires the ability to both find and exploit real‑world vulnerabilities and drive durable remediation outcomes across multiple product lines.
Key Responsibilities
Application Penetration Testing & Offensive Security
Lead and execute in‑depth manual application penetration testing across web applications, APIs, and LLM/AI‑enabled applications.
Perform security testing aligned with OWASP Top 10, OWASP API Top 10, OWASP LLM/AI Top 10, CWE Top 25, and emerging attack classes.
Identify complex attack paths, chained vulnerabilities, and business‑logic flaws beyond automated tool findings.
Validate exploitability, determine real risk, and distinguish true positives from noise.
Conduct secure code reviews to identify implementation flaws and support remediation.
Re‑test fixes and mitigations to confirm effectiveness and risk reduction.
SDLC, DevSecOps & Tooling
Support security integration across the SDLC, including CI/CD pipelines and DevSecOps workflows.
Support the use of SAST, DAST, SCA, secrets scanning, and container security tools.
Support automation efforts to reduce time‑to‑detect and time‑to‑remediate.
Partner with R&D teams to mature secure coding standards and shift‑left practices.
Research & Continuous Improvement
Research evolving threats, attack techniques, and defensive strategies, including AI/LLM security risks.
Stay current on emerging security tooling, frameworks, and industry best practices.
Continuously improve testing methodologies, reporting quality, and remediation effectiveness.
Required Qualifications
Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or equivalent practical experience.
7+ years of experience in Product Security, Application Security, or Software Security Engineering.
Extensive hands‑on experience conducting manual application penetration testing.
Strong understanding of secure software development lifecycle (SSDLC) principles.
Deep knowledge of OWASP Top 10, OWASP API Top 10, OWASP LLM/AI Top 10, CWE, CVSS, and vulnerability prioritization.
Proficiency in at least one programming language such as Python, Java, JavaScript/TypeScript, Go, or C/C++.
Experience with modern application architectures, APIs, and cloud‑based systems.
Ability to clearly communicate security findings and remediation guidance to both technical and non‑technical stakeholders.
Experience integrating security controls into CI/CD pipelines.
Preferred / Nice‑to‑Have Qualifications
Relevant certifications such as OSCP, GWAPT, OSWE, GPEN, CISSP, CSSLP, or CCSP.
Life at PTC is about more than working with today’s most cutting-edge technologies to transform the physical world. It’s about showing up as you are and working alongside some of today’s most talented industry leaders to transform the world around you.
If you share our passion for problem-solving through innovation, you’ll likely become just as passionate about the PTC experience as we are. Are you ready to explore your next career move with us?
We respect the privacy rights of individuals and are committed to handling Personal Information responsibly and in accordance with all applicable privacy and data protection laws. Review our Privacy Policy here.