Product Security Engineer

About the Role AspenTech is an AI-powered software company helping the world's leading energy, chemical and engineering companies succeed in their digital transformation, making their operations more efficient and reducing impact on the environment. What You'll Do Support the design, implementation and oversight of the Product Secure Development Lifecycle, including security requirements, secure architecture/design, risk assessment, threat models, security scanning, triage, vulnerability management, security design reviews and product security validation/verification. Administer product security practices to product teams, technology, and security champions across the organization. Drive Product Security efforts to resolve challenges, enable automation and impact organization security culture. Monitor information security best practices, standards, regulations and industry threats for improvements to product security practices. Maintain a deep understanding of current information security issues, subscribing to major industry news and mailing lists, and assessing the impact of emerging issues on AspenTech's systems and practices. Monitor security bulletins and alerts from all AspenTech vendors, evaluate vulnerability impact and formulate and execute risk mitigation plans for product security. Act as a member of the AspenTech Security Emergency Response Team (ASERT), providing expert analysis of security incidents reported by customers; work with information owners, product teams, technology teams, client support and customer contacts during and after incidents. Occasionally work after hours and on weekends to perform tasks that cannot be completed during business hours. Requirements Bachelor's degree (B.A./B.S.) or equivalent in computer science or a technical discipline from an accredited college or university. 1–3+ years of experience in IT and in an information security role or with security and development teams. Knowledge of information security regulatory requirements for privacy, secure by design, secure by default and defense in depth. Broad understanding of information security frameworks and regulations such as ISO ***, NIST 800, ISO ***, and NIST *****. Desired experience with Application/Product Security, Risk Assessment, Threat Models, Secure Architecture/Design, compliance and audit. Desirable experience with cloud solutions such as Azure and AWS, including security policy, procedures, tools, services and cloud security models. Demonstrated ability to plan, design, develop, deploy and maintain application security best practices. Ability to assume high levels of responsibility and work with minimal supervision. Ability to work cooperatively and effectively with people at all organizational levels and build consensus through negotiation and diplomacy. Preferable exposure to IEC ***, IEC ***, NIST ******, ISO ***, ISO ***, CSA, CISA, SANS, OWASP, CWE 25, and AI Security best practices. Desired domain knowledge and/or certifications such as CISSP, CISA, CCSP, CSSLP, CEH, SANS GIAC, AWS or Azure security certifications. Desired knowledge of static application security testing (SAST), dynamic application security testing (DAST) and software composition analysis (SCA). Desired experience with application security best practices such as web security, cloud security, pen testing, fuzz testing, security coding guidelines, security architecture/design principles, CVSS, STRIDE and DREAD. Experience with application development technologies, processes and best practices such as SAFE/Agile, RUP, CI/CD and DevSecOps. Employment Type Full‑time, Mid‑Senior level, Information Technology – Software Development – Mexico City Metropolitan Area #J-18808-Ljbffr