Principal Consultant Engineer (Cloud Services/Cybersecurity)

The driving force behind our success has always been the people of AspenTech. What drives us, is our aspiration, our desire and ambition to keep pushing the envelope, overcoming any hurdle, challenging the status quo to continually find a better way. You will experience these qualities of passion, pride and aspiration in many ways — from a rich set of career development programs to support of community service projects to social events that foster fun and relationship building across our global community.

The RoleIn this Role you will lead efforts to improve security posture for cloud and SaaS systems (primarily Azure) used with AspenTech software. Create security plans, check systems regularly, fix issues, and follow industry standards like NIST and ISO. Work independently, team up with cybersecurity experts, and help other teams meet security goals.
In Scope: Cloud services and tools, local user accounts, data, networks, logging systems, monitoring tools and deployment processes.
Out of Scope: industrial systems or corporate cybersecurity
Decision Rights & Autonomy: Accountable for control baselines, assessment methodologies, remediation prioritization, and KPI reporting. Authorized to recommend/approve standards and exceptions within Professional Services (PS) scope; escalates risks beyond thresholds. Consults with corporate cybersecurity and compliance; informs leadership and PMO.
Key Relationships: Internal: Engineering, PS delivery, operations, corporate security/compliance, PMO, legal/privacy. External: Occasional customer/vendor engagement for audits and security questionnaires

Your Impact

• Governance, Risk & Compliance: Set up and manage a security plan for Professional Services practice. Track risks and goals, keep security controls up to date, and prepare for audits by collecting evidence and fixing issues.
• · Cloud & SaaS Security Architecture: Create security rules for cloud platforms (Azure) covering identity, data, networks, and logging. Apply Zero Trust principles to ensure only the right people and systems have access.
• · Posture Management & Assurance: Regularly check security status, find gaps, and plan fixes. Track key metrics like coverage, misconfigurations, and response times.
• · Identity, Data Protection & Network Controls: Use strong identity checks (like MFA), protect data with encryption and access rules, and set up secure network paths that follow Zero Trust.
• · Detection & Response Readiness: Set up logging and monitoring tools, create response plans, and run practice exercises. Improve how quickly and effectively threats are found and handled.
• · Secure Engineering & Delivery Enablement: Build security into DevOps processes. Use safe coding practices, document standards, train engineers, and create reusable security tools.

What You'll Need

• Requires strong technical expertise in cloud security, especially in Azure, covering identity, data, networks, and monitoring.
• Requires advanced knowledge of Windows and Linux systems, including secure configuration and maintenance in live SaaS environments.
• ·Requires practical experience with security frameworks such as NIST CSF, ISO 27001, and IEC 62443.
• ·Requires hands-on experience with security technologies like IDS, DLP, SIEM, and network forensics.
• ·Requires proven ability to develop and implement cloud security policies across IaaS, PaaS and SaaS platforms.
• Requires familiarity with securing structured and unstructured databases.·
• Requires industry-recognized certifications such as CISSP, CISM, or equivalent.
• Requires strong leadership, project management, and collaboration skills.
• ·Requires excellent communication skills in English, both written and verbal.
• ·Requires ability to manage multiple priorities and work independently or as part of a global team.
• ·May Require willingness to travel as needed.