Principal SaaS Security Engineer Security Clearance

Position: Principal SaaS Security Engineer with Security Clearance
Our world is transforming, and PTC is leading the way. Our software brings the physical and digital worlds together, enabling companies to improve operations, create better products, and empower people in all aspects of their business. Our people make all the difference in our success. Today, we are a global team of nearly 7,000 and our main objective is to create opportunities for our team members to explore, learn, and grow – all while seeing their ideas come to life and celebrating the differences that make us who we are and the work we do possible.

Principal SaaS Security Engineer-Hybrid-Boston Onshape is a next-generation, global Software-as-a-Service (SaaS) product development platform that helps businesses of all sizes modernize and accelerate their design and manufacturing processes. The cloud-native platform is the only all-in-one system that combines robust computer-aided design (CAD) with powerful data management and collaboration tools. Onshape helps extended design teams work together faster from any location and helps executives make better decisions with real-time business analytics and unprecedented visibility into their company’s operations.

As a Principal SaaS Security Engineer, you will be a subject matter expert responsible for the security operations and continuous monitoring of our commercial and US government cloud environments. The government environment supports customers with ITAR/EAR requirements and is pursuing a FedRAMP Moderate ATO. You will play a critical role in maintaining compliance with NIST SP 800-53 controls, driving incident response, and enhancing our security posture through automation, engineering best practices, and mentoring.

This role requires a deep technical background in cloud security and experience with US federal security and compliance frameworks.

Key Responsibilities:

Continuous Monitoring and Compliance:
Lead the planning, implementation, and reporting of all FedRAMP continuous monitoring (Con Mon) activities.
Manage and submit monthly Con Mon deliverables, including vulnerability scan results, Plan of Action and Milestones (POA&M) updates, and incident reports to the FedRAMP Program Management Office (PMO), agency sponsor, and Internal Stakeholders.
Ensure all necessary documentation, such as the System Security Plan (SSP), is kept up-to-date and accurately reflects the current security posture.
Security Engineering and Automation:
Evaluate, deploy, and configure security tools and services in a large-scale, public cloud environment (100% AWS) to deliver a FedRAMP Moderate compliant service.
Develop and manage defensive security tool rules, alerts, and dashboards to proactively detect threats and anomalies.
Incident Response:
Serve as a senior responder for security incidents within the FedRAMP authorization boundary.
Lead incident response efforts, from initial triage and containment to mitigation and recovery.
Ensure all incidents are reported in accordance with FedRAMP Incident Communications Procedures.
Conduct post-mortem analysis of security incidents to identify root causes, implement defensive measures, and improve the incident response process.
Threat and Vulnerability Management:
Oversee comprehensive vulnerability management, including authenticated and unauthenticated scanning of systems, databases, containers, and web applications.
Track and manage the remediation of vulnerabilities according to FedRAMP timeliness requirements (e.g., High-risk findings within 30 days).
Implement and manage Intrusion Detection/Prevention Systems (IDPS) and host-based security systems to protect the system boundary and monitor for threats.
Collaboration and Team player:
Act as a technical leader, mentoring junior engineers and promoting security best practices across engineering and operations teams.
Collaborate with 3

PAOs (Third-Party Assessment Organizations) during annual assessments and audit readiness activities.
Partner with other technical stakeholders to provide security expertise and ensure solutions align with compliance requirements.

Required Qualifications:

7-10 years of hands-on professional experience in security operations, security engineering, or…