About Bentley Systems
Bentley Systems is the leading global provider of software solutions to engineers, architects, geospatial professionals, constructors, and owner-operators for the design, construction, and operations of infrastructure. Bentley’s MicroStation-based engineering and BIM applications, and its digital twin cloud services, advance the project delivery (ProjectWise) and the asset performance (AssetWise) of transportation and other public works, utilities, industrial and resources plants, and commercial and institutional facilities.
Bentley Systems employs more than 3,500 colleagues, generates annual revenues of $700 million in 170 countries, and has invested more than $1 billion in research, development, and acquisitions since 2014. From inception in 1984, the company has remained majority-owned by its five founding Bentley brothers. Bentley shares transact by invitation on the NASDAQ Private Market.
Senior Application Security (AppSec) Engineer - “pentester”
The candidate will be part of a software security team (AppSec) at Bentley Systems. The product security team’s main responsibility is the security of software created by Bentley. This includes hundreds of products in a wide variety of contexts and technologies: Cloud, Desktop, Mobile, C#, JavaScript, Node.js, single-page applications and Electron applications, Azure cloud services, Java web applications, and more. The successful candidate will have the opportunity to work in a truly DevSecOps environment and will work as part of a multinational, diverse team of remotely placed experts.
Responsibilities
- Continuous learning and researching advanced AppSec topics.
- Attack and defend Bentley’s cloud platform and other products (server, desktop, mobile, etc.).
- Identify and exploit vulnerabilities.
- Develop automations and internal tools (e.g. scan in release pipeline).
- Manage the bug bounty program.
- Coordinate with a network of security champions to improve the security of our products.
- Help colleagues in software development to improve coding.
Required Skills
- Strong interest in software security and software development.
- Training in computer science, software engineering or related field of study or equivalent related experience
- 5+ years of development or security experience
- Methodical and detail-oriented but also curious enough to investigate anomalies when warranted
- Strong problem-solving capabilities using various technologies
Desired Skills
- In-depth knowledge of OWASP Top 10 and SANS Top 25
- Knowledge of heap exploitation techniques (especially Windows heap)
- Knowledge of one or more Windows debuggers (e.g. WinDbg, x64dbg)
- Knowledge of fuzzing tools
- Knowledge of web technologies (JavaScript, HTML5, HTTP, REST, SOAP, etc.)
- Knowledge of web security and debugging tools (e.g. capture with Fiddler, Wireshark, etc.)
- Knowledge of some of the following programming languages: C++, C# and TypeScript
- Experience with pentesting tools like Burp Suite Pro, OWASP Zed Attack Proxy
- Experience with exploit code creation for web and native (C/C++) vulnerabilities
- Experience in and knowledge of coding in Assembly language (for attack payload creation)
Equal Opportunity Employer/Minorities/Females/Veterans/Disabled
Bentley is an equal opportunity employer and considers for employment all qualified applicants without regard to race, color, sex, disability, protected veteran status, religion, national origin, age or any other protected characteristic. Additional information about your rights as an applicant under the law may be found by clicking here and here.
Bentley participates in e-Verify
Right to Work
We encourage you to request a reasonable accommodation if you are not able to fully use or access our online application system. You can make an accommodation request by calling 610-458-5000 or sending us an email at disabilityrequest@bentley.com.
Search Firm Disclosure:
Please be aware Bentley is not accepting unsolicited assistance from search firms for this employment opportunity. This includes any phone calls or emails. All resumes submitted by search firms to any employee at Bentley via email, the Internet (including social media) or in any form and/or method for this specific position in the absence of a written recruiting agreement executed by both you and/or your firm and Bentley will be deemed the sole property of Bentley and no fee will be paid in the event the candidate is hired by Bentley.
