Application Security Engineer (Defender/Code Review)
Location: Europe-Based (Office/Hybrid/Home)
Position Summary:
Join a dedicated team of software security experts (AppSec) at Bentley Systems, where you'll play a crucial role in safeguarding our cutting-edge products. Our product security team is committed to continuously elevating security standards and staying ahead of the curve in the ever-evolving cybersecurity landscape. This role demands exceptional expertise, a passion for learning, and a willingness to embrace challenges. You'll collaborate with a team of remotely based experts from across the globe, working across a diverse range of technologies, including C#, TypeScript, JavaScript, Node.js, single-page applications and Electron applications, Azure cloud services, K8s, and more.
We will rely on you for the following:
Perform manual security code review of applications.
Work with developers to ensure secure design, development, implementation, and verification of applications.
Provide remediation guidance and recommendations to developers.
Help define Secure Software Development Lifecycle best practices.
Help stakeholders make risk-based decisions.
Train developers and create educational presentations.
Develop tools and automation supporting responsibilities.
What you Bring to the Team:
3+ years of experience in software development and security, with a significant focus on manual code review and white-box vulnerability research.
Proficiency in reading, writing, and auditing code and the ability to learn new languages/technologies.
Experience in manual security code review.
Strong interest in software security and development best practices.
Experience breaking down complex systems and applications to identify threats.
Experience with web technologies (JavaScript, HTML5, HTTP, REST, SOAP, etc.).
Experience with some of the following programming platforms/languages: .NET Core, Node.js, C#, Java, JavaScript/TypeScript, C/C++.
Experience with OWASP Top 10 or SANS Top 25.
Proficiency in cloud technologies is required; Azure is a plus.
Experience with containerization solutions with Kubernetes and Docker is required.
Strong problem-solving capabilities using various technologies.
Capability to research a new topic and to learn quickly.
What would make you stand out:
Experience with OAuth 2.0/OpenID Connect.
Ability to exploit vulnerabilities, for example deserialization vulnerabilities, modern HTTP smuggling, etc.
Interest in fuzzing, reverse engineering, and crash analysis.
Relevant certifications (CCSP, CISSP, CEH, etc.).
What We Offer:
A great Team and culture – please see our Recruitment Video
An exciting career as an integral part of a world-leading software company providing solutions for architecture, engineering, and construction
Competitive Salary and benefits
The opportunity to work within a global and diverse international team
A supportive and collaborative environment
About Bentley Systems:
Bentley Systems (Nasdaq: BSY) is the infrastructure engineering software company. We provide innovative software to advance the world’s infrastructure – sustaining both the global economy and environment. Our industry-leading software solutions are used by professionals, and organizations of every size, for the design, construction, and operations of roads and bridges, rail and transit, water and wastewater, public works and utilities, buildings and campuses, mining, and industrial facilities. Our offerings, powered by the iTwin Platform for infrastructure digital twins, include MicroStation and Bentley Open applications for modeling and simulation, Seequent’s software for geoprofessionals, and Bentley Infrastructure Cloud encompassing ProjectWise for project delivery, SYNCHRO for construction management, and AssetWise for asset operations. Bentley Systems’ 5,000 colleagues generate annual revenues of more than $1 billion in 194 countries. www.bentley.com
Equal Opportunity Employer:
Bentley is proud to be an equal opportunity employer and considers for employment all qualified applicants without regard to race, color, gender/gender identity, sexual orientation, disability, marital status, religion/belief, national origin, caste, age, or any other characteristic protected by local law or unrelated to job qualifications.