Bentley Systems (Nasdaq: BSY) is the infrastructure engineering software company. We provide innovative software to advance the world’s infrastructure – sustaining both the global economy and environment. Our industry-leading software solutions are used by professionals, and organizations of every size, for the design, construction, and operations of roads and bridges, rail and transit, water and wastewater, public works and utilities, buildings and campuses, and industrial facilities. Our offerings include MicroStation-based applications for modeling and simulation, ProjectWise for project delivery, AssetWise for asset and network performance, and the iTwin platform for infrastructure digital twins. Bentley Systems employs more than 4,000 colleagues and generates annual revenues of more than $800 million, in 172 countries. www.bentley.com

Application Security Architect

 

The candidate will be part of a dedicated software security team (AppSec) at Bentley Systems. The product security team’s main responsibility is the security of software created by Bentley.  This includes a wide variety of technologies: C#, JavaScript, Node.js, single-page applications and Electron applications, Azure cloud services, Java web applications, and more. The successful candidate will have the opportunity to learn skills such as cloud, Agile, DevOps, etc. and will work as part of a multinational, diverse team of remotely placed experts.

 

Location: Pune

 

Responsibilities:

• Define security best practices and standards.
• Perform code and/or security design reviews of applications.
• Work independently with developers to ensure secure design, development, implementation, and verification of applications.
• Provide remediation guidance and recommendations to developers and administrators.
• Lead Secure Software Development Lifecycle best practices and standards.
• Document threat models and threat mitigation options.
• Lead or participate in threat modeling software systems.
• Help stakeholders make risk-based decision.
• Train developers and create educational presentations.
• Develop tools and automation supporting the responsibilities.

 

Qualifications - Required

• Strong interest in software security and development.
• Strong problem-solving capabilities using various technologies.
• Capability to research a new topic and to learn quickly.
• Experience breaking down complex systems and applications to find flaws.
• Ability to communicate, verbally and in writing, complicated technical issues and the risks they pose to developers and management.
• Ability to communicate, verbally and in writing, software architecture, design, and implementation concepts.
• Familiarity with common vulnerabilities and attack vectors.
• Proficiency in reading, writing, and auditing C# & JavaScript and the ability to learn new languages/technologies.
• Proficiency in database technologies
• Experience threat modeling software systems.
• 10+ years of development and security experience.

 

Desired

• Knowledge of web technologies (JavaScript, HTML5, HTTP, REST, SOAP, etc.).
• Good knowledge of some of the following programming platforms/languages:  .Net Core. Node.js, C#, Java, JavaScript/TypeScript, C/C++.
• Knowledge of OWASP Top10 or SANS Top 25.
• Knowledge of OAuth 2.0/OpenID Connect.
• Knowledge of cloud technologies, preferably Azure.
• Knowledge of containerization solutions, such as Kubernetes, Docker, and Istio.
• Ability to make risk-based decisions that include both technical and business impact.

 

What We Offer:

• Competitive salary and benefits.
• Being an integral part of a world-leading software company providing solutions for architecture, engineering and construction.
• The opportunity to work within a global and diversely international team.
• A supportive and collaborative environment.
• Colleague Recognition Awards.

 

#LI-LS1

 

Bentley is proud to be an equal opportunity employer and considers for employment all qualified applicants without regard to race, color, gender/gender identity, sexual orientation, disability, marital status, religion/belief, national origin, caste, age, or any other characteristic protected by local law or unrelated to job qualifications.