Principal Product Security Engineer

The driving force behind our success has always been the people of AspenTech. What drives us, is our aspiration, our desire and ambition to keep pushing the envelope, overcoming any hurdle, challenging the status quo to continually find a better way. You will experience these qualities of passion, pride and aspiration in many ways — from a rich set of career development programs to support of community service projects to social events that foster fun and relationship building across our global community. The Role AspenTech is an AI-powered software company helping the world’s leading energy, chemical and engineering companies succeed in their digital transformation, making their operations more efficient and reducing impact on the environment. At AspenTech, you will be part of a global market-leading company with double digit growth and a blue-chip customer base. We offer the opportunity to make an impact, to drive innovation and to be an agent of positive change. Our culture and vision have taken dramatic leaps forward over the past two years and we still have work to do. We need extraordinary individuals to pave the way ahead. The reviews on here paint many stories of successes, failures, excitement and disappointment. Every person has their own story. We strive to make your story at AspenTech a great one. Under the direction of the VP of Product Security this role is a key member for day-to-day operations of Product Security at Aspen Technology. This role will help protect our clients, enable teams to deliver secure development, and position us for future security needs. This thought leader will help drive mitigation of risk thru activities such as developing Threat Models, driving Risk Assessments, reviewing alignment of standard controls to mitigate risks in products, oversee vulnerability tracking, ensure security documentation and compliance with security lifecycle activities for product security releases. This could include supporting compliance documents, secure patch release, security incidents, security communications, the security champion program, and product security verification/validation activities. This role will work closely with development teams, senior leaders, and teams across the organization. This role will work with teams across the organization to mitigate risks, protect our customers, protect our assets, and enable secure activities. The Principal Security Engineer will support the development and execution of product security strategic efforts to meet business and technology objectives. This role will also support the continuously improving product security policies, procedures, tools, guidelines, and security awareness. This role will also maintain a vigilant awareness of industry threats, standards, regulations, and best practices to enhance our security profile. Your Impact Responsible for supporting the design, implementation, and oversight of Product Secure Development Lifecycle. Including aspects such as security requirements, secure architecture/design, risk assessment, threat models, security scanning, triage and vulnerability management, and product security validation/verification. Administers product security practices to product teams, technology, and security champions across the organization. Drive Product Security efforts to resolve challenges, enable automation, and impact organization security culture Monitors information security best practices, standards, regulations, industry threats and risks for improvements to product security practices. Maintains a deep understanding of current issues in the realm of information security. Subscribes to major industry newsgroups and mailing lists and assesses the impact of all emerging issues on systems and practices at Aspen Technology. Monitors security bulletins and alerts from all Aspen Technology’s information system vendors. Evaluates vulnerability impact and formulates and executes risk mitigation plans for product security. Member of the AspenTech Security Emergency Response Team (ASERT) providing expert analysis of security customer reported security incidents. Works with information resource owners during and after security incidents; work with product teams for analysis; recommends best practices and solutions. Where appropriate, work with product teams, technology teams, client support and customer contacts. Occasionally after hours and weekend work to perform tasks that cannot be done during business hours. What You'll Need Bachelor’s degree (B.A./B.S.) or equivalent in computer science or technical equivalent discipline from an accredited college or university required 8 years of experience in IT required 5 years of experience in an information security role or experience with security and development teams. Knowledge of information security regulatory requirements for privacy, secure by design, and defense in depth Maintains broad understanding of information security including ISO27002, NIST and other information security frameworks and regulations. Experience with Application/Product Security, Risk Assessment, Threat Models, Secure Architecture/Design, Security Scanning. (SAST, DAST, SCA, cloud security configuration scanning) Experience with cloud solutions such as Azure and AWS - Experience with security policy, procedures, tools, services, and cloud security models. Demonstrated ability to plan, design, develop, deploy, and maintain application security best practices Ability to assume high levels of responsibility and to work with a minimum of day-to-day supervision Ability to cooperatively and effectively work with people from all organizational levels and build consensus through negotiation and diplomacy Preferable exposure to the following: IEC 62443-4-1, IEC 62443-4-2, NIST 800-53, ISO 27001, ISO 27002, Cloud Security Alliance (CSA), Cybersecurity and Infrastructure Security Agency (CISA), SANS, OWASP, CWE 25, ethical hacking, and AI Security best practices. Desired domain knowledge and/or certification: CISSP, CISA, CCSP, CSSLP, CEH, SANS GIAC, security certification from AWS or Azure Desired knowledge of the following Technologies: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA) Experience with Application Security Best Practices such as web security, cloud security, pen testing, fuzz testing, security coding guidelines, security architecture/design principles, CVSS, STRIDE, DREAD Experience with Application development technologies, processes, and best practices. For example: Agile, RUP, CICD, DevSecOps #LI-WJ1 The salary range for this role is $120,900.00 - $151,100.00. This range represents what we in good faith believe is the range possible for base compensation for this role at the time of this posting. We may ultimately pay more or less than the posted range based on several factors. This range may be modified in the future. This role is also eligible for bonus or variable incentive pay. Additionally, we offer a comprehensive benefits package including paid time off, charitable giveback day, medical/dental/vision insurance, and retirement benefits to eligible employees. AspenTech is a global software leader helping industries meet the increasing demand for resources from a rapidly growing population in a profitable and sustainable manner. Our Digital Grid Management software suite, including AspenTech OSI products, helps power and utilities companies achieve superior real-time control, optimization and management for exceptional performance of complex energy networks. If you're looking to make a difference every day and push the limits of performance, AspenTech is doing things no one else thought was possible. As a leading industrial software partner, we help companies all over the world run safer, greener, longer and faster. With over 3700 employees and more than 60 global locations, AspenTech is meeting today's sustainability and business challenges head-on with unmatched expertise, cutting-edge AI-powered technology and a passion to innovate. AspenTech is an Equal Opportunity/Affirmative Action employer. AspenTech does not discriminate against employees or applicants on the basis of age, race, color, religion, creed, ancestry, sex, sexual orientation, gender identity or expression, pregnancy or related conditions, marital status, familial status, national origin, disability, medical condition, genetic information, citizenship, military service or protected Veteran Status or any other basis protected by applicable federal, state, or local law. Reasonable Accommodation: We will provide reasonable accommodations to qualified individuals who have a disability or sincere religious reasons to request accommodation, when necessary to enable the individual to participate in the job application or interview process. If you wish to request an accommodation, please contact us at recruiting@aspentech.com. GDPR Privacy Notice: AspenTech collects a range of personal information during the recruitment process. This may include the following personal or special categories of personal data: recruitment information such as your application form and resume, references, qualifications and membership of any professional bodies and details of any pre-employment assessments; your contact details and date of birth; your gender; your marital status and family details; your identification documents including passport and driver's license and information in relation to your immigration status and right to work with us; information about your contract of employment (or services) including start and end dates of employment, role and location, working hours, details of promotion, salary (including details of previous remuneration), pension, benefits, and holiday entitlement; your racial or ethnic origin; any criminal convictions and offences. AspenTech Security and Privacy Policy Plan Participants Enrolled in the AspenTech US Medical Plans: The Transparency in Coverage Final Rules require certain group health plans to disclose on a public website information regarding in-network provider rates and historical out-of-network allowed amounts and billed charges for covered items and services in two separate machine-readable files (MRF’s). The MRF’s for the benefit package options under AspenTech’s US Employee Benefit Plan are linked below: Transparency in Coverage Rule - Machine Readable Files Transparency In Coverage Rule And Consolidated Appropriations Act Overview and FAQS

Salary : $120,900 - $151,100