Application Security Engineer (Defender/Code Review)
The candidate will be part of a dedicated software security team (AppSec) at Bentley Systems. The product security team’s main responsibility is the security of software created by Bentley. This includes a wide variety of technologies: C#, TypeScript, JavaScript, Node.js, single-page applications and Electron applications, Azure cloud services, K8s, and more. The successful candidate will have the opportunity to learn skills such as cloud, Agile, Dev(Sec)Ops, etc. and will work as part of a multinational, diverse team of remotely placed experts.
Responsibilities:
- Perform manual security code review of applications.
- Work with developers to ensure secure design, development, implementation, and verification of applications.
- Provide remediation guidance and recommendations to developers.
- Help define Secure Software Development Lifecycle best practices.
- Help stakeholders make risk-based decisions.
- Train developers and create educational presentations.
- Develop tools and automation supporting responsibilities.
Qualifications – Required
- Proficiency in reading, writing, and auditing code and the ability to learn new languages/technologies.
- Experience in manual security code review.
- Strong interest in software security and development best practices.
- Strong problem-solving capabilities using various technologies.
- Capability to research a new topic and to learn quickly.
- Experience breaking down complex systems and applications to identify threats.
- Proficiency in cloud technologies.
- 3-7 years of development and security experience.
Optional skills
- Knowledge of web technologies (JavaScript, HTML5, HTTP, REST, SOAP, etc.).
- Knowledge of some of the following programming platforms/languages: .NET Core, Node.js, C#, Java, JavaScript/TypeScript, C/C++.
- Knowledge of OWASP Top 10 or SANS Top 25.
- Knowledge of OAuth 2.0/OpenID Connect.
- Knowledge of Azure.
- Knowledge of containerization solutions, such as Kubernetes, Docker, and Istio.
- Ability to exploit vulnerabilities, for example deserialization vulnerabilities, modern HTTP smuggling, etc.
- Interest in fuzzing, reverse engineering, and crash analysis.
- Relevant certifications (CCSP, CISSP, CEH, etc.).
About Bentley Systems:
Bentley Systems (Nasdaq: BSY) is the infrastructure engineering software company. We provide innovative software to advance the world’s infrastructure – sustaining both the global economy and environment. Our industry-leading software solutions are used by professionals, and organizations of every size, for the design, construction, and operations of roads and bridges, rail and transit, water and wastewater, public works and utilities, buildings and campuses, mining, and industrial facilities. Our offerings, powered by the iTwin Platform for infrastructure digital twins, include MicroStation and Bentley Open applications for modeling and simulation, Seequent’s software for geoprofessionals, and Bentley Infrastructure Cloud encompassing ProjectWise for project delivery, SYNCHRO for construction management, and AssetWise for asset operations. Bentley Systems’ 5,200 colleagues generate annual revenues of more than $1 billion in 194 countries.
Equal Opportunity Employer:
Bentley is proud to be an equal opportunity employer and considers for employment all qualified applicants without regard to race, color, gender/gender identity, sexual orientation, disability, marital status, religion/belief, national origin, caste, age, or any other characteristic protected by local law or unrelated to job qualifications.