Aspen Technology is looking to protect its clients, enable teams to deliver secure development, and position itself for future security needs by mitigating risks through various security activities.
Requirements
- Knowledge of information security regulatory requirements for privacy, secure by design, and defense in depth
- Maintains broad understanding of information security including ISO27002, NIST and other information security frameworks and regulations
- Experience with Application/Product Security, Risk Assessment, Threat Models, Secure Architecture/Design, Security Scanning
- Experience with cloud solutions such as Azure and AWS
- Experience with security policy, procedures, tools, services, and cloud security models
- Demonstrated ability to plan, design, develop, deploy, and maintain application security best practices
- Preferable exposure to the following: IEC 62443-4-1, IEC 62443-4-2, NIST 800-53, ISO 27001, ISO 27002, Cloud Security Alliance (CSA), Cybersecurity and Infrastructure Security Agency (CISA), SANS, OWASP, CWE 25, ethical hacking, and AI Security best practices
Responsibilities
- Responsible for supporting the design, implementation, and oversight of Product Secure Development Lifecycle
- Administers product security practices to product teams, technology, and security champions across the organization
- Drive Product Security efforts to resolve challenges, enable automation, and impact organization security culture
- Monitors information security best practices, standards, regulations, industry threats and risks for improvements to product security practices
- Maintains a deep understanding of current issues in the realm of information security
- Monitors security bulletins and alerts from all Aspen Technology’s information system vendors
- Member of the AspenTech Security Emergency Response Team (ASERT) providing expert analysis of security customer reported security incidents
Other
- Bachelor’s degree (B.A./B.S.) or equivalent in computer science or technical equivalent discipline from an accredited college or university required
- 8+ years of experience in IT required
- 5+ years of experience in an information security role or experience with security and development teams
- Ability to assume high levels of responsibility and to work with a minimum of day-to-day supervision
- Ability to cooperatively and effectively work with people from all organizational levels and build consensus through negotiation and diplomacy
