Product Security Engineer

The Role AspenTech is an AI-powered software company helping the world’s leading energy, chemical and engineering companies succeed in their digital transformation, making their operations more efficient and reducing impact on the environment. At AspenTech, you will be part of a global market‑leading company with double‑digit growth and a blue‑chip customer base. The role is a key member of day‑to‑day operations of Product Security, working under the VP of Product Security to protect clients, enable teams to deliver secure development and position the company for future security needs. Your Impact Responsible for supporting the design, implementation, and oversight of Product Secure Development Lifecycle, including security requirements, secure architecture/design, risk assessment, threat models, security scanning, triage, vulnerability management, security design reviews, and product security validation/verification. Administers product security practices to product teams, technology, and security champions across the organization. Drives Product Security efforts to resolve challenges, enable automation, and impact organization security culture. Monitors information security best practices, standards, regulations, and industry threats for improvements to product security practices. Maintains a deep understanding of current information security issues, subscribing to major industry newsgroups and mailing lists, and assessing the impact of emerging issues on AspenTech’s systems and practices. Monitors security bulletins and alerts from all AspenTech vendors, evaluates vulnerability impact, and formulates and executes risk mitigation plans for product security. Member of the AspenTech Security Emergency Response Team (ASERT) providing expert analysis of security incidents reported by customers; works with information owners, product teams, technology teams, client support and customer contacts during and after incidents. Occasionally works after hours and on weekends to perform tasks that cannot be completed during business hours. What You’ll Need Bachelor’s degree (B.A./B.S.) or equivalent in computer science or a technical discipline from an accredited college or university. 1–3+ years of experience in IT and in an information security role or with security and development teams. Knowledge of information security regulatory requirements for privacy, secure by design, secure by default and defense in depth. Broad understanding of information security frameworks and regulations such as ISO27002, NIST 800, ISO 27001, and NIST 800‑53. Desired experience with Application/Product Security, Risk Assessment, Threat Models, Secure Architecture/Design, compliance, and audit. Desirable experience with cloud solutions such as Azure and AWS, including security policy, procedures, tools, services, and cloud security models. Demonstrated ability to plan, design, develop, deploy, and maintain application security best practices. Ability to assume high levels of responsibility and work with minimal supervision. Ability to work cooperatively and effectively with people at all organizational levels and build consensus through negotiation and diplomacy. Preferable exposure to IEC 62443‑4‑1, IEC 62443‑4‑2, NIST 800‑53, ISO 27001, ISO 27002, CSA, CISA, SANS, OWASP, CWE 25, and AI Security best practices. Desired domain knowledge and/or certifications such as CISSP, CISA, CCSP, CSSLP, CEH, SANS GIAC, AWS or Azure security certifications. Desired knowledge of static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA). Desired experience with application security best practices such as web security, cloud security, pen testing, fuzz testing, security coding guidelines, security architecture/design principles, CVSS, STRIDE, and DREAD. Experience with application development technologies, processes, and best practices such as SAFE/Agile, RUP, CI/CD, and DevSecOps. Senior level: Mid‑Senior level Employment type: Full‑time Job function: Information Technology Industry: Software Development Location: Mexico City Metropolitan Area #J-18808-Ljbffr