Bentley Systems (Nasdaq: BSY) is the infrastructure engineering software company. We provide innovative software to advance the world’s infrastructure – sustaining both the global economy and environment. Our industry-leading software solutions are used by professionals, and organizations of every size, for the design, construction, and operations of roads and bridges, rail and transit, water and wastewater, public works and utilities, buildings and campuses, and industrial facilities. Our offerings include MicroStation-based applications for modeling and simulation, ProjectWise for project delivery, AssetWise for asset and network performance, and the iTwin platform for infrastructure digital twins. Bentley Systems employs more than 4,000 colleagues and generates annual revenues of more than $800 million, in 172 countries. www.bentley.com

Senior Application Security (AppSec) Engineer- “pentester”

The candidate will be part of a software security team (AppSec) at Bentley Systems. The product security team’s main responsibility is the security of software created by Bentley. This includes hundreds of products in a wide variety of contexts and technologies: Cloud, Desktop, Mobile, C#, JavaScript, Node.js, single-page applications and Electron applications, Azure cloud services, Java web applications, and more. The successful candidate will have the opportunity to work in a truly DevSecOps environment and will work as part of a multinational, diverse team of remotely placed experts.

Responsibilities

• Continuous learning and researching advanced AppSec topics.
• Attack and defend Bentley’s cloud platform and other products (server, desktop, mobile, etc.).
• Identify and exploit vulnerabilities.
• Develop automations and internal tools (e.g. scan in release pipeline).
• Manage the bug bounty program.
• Coordinate with a network of security champions to improve the security of our products.
• Help colleagues in software development to improve coding.      

Required Skills

• Strong interest in software security and software development.
• Training in computer science, software engineering or related field of study or equivalent related experience
• 5+ years of development or security experience
• Methodical and detail-oriented but also curious enough to investigate anomalies when warranted
• Strong problem-solving capabilities using various technologies

Desired Skills

• In depth knowledge of OWASP Top10 and SANS Top 25
• Knowledge of heap exploitation techniques (especially Window heap)
• Knowledge of one or more Windows debuggers (ie: windbg, x64dbg)
• Knowledge of fuzzing tools
• Knowledge of web technologies (JavaScript, HTML5, HTTP, REST, SOAP, etc.)
• Knowledge of web security and debugging tools (ex: capture with Fiddler, Wireshark, etc)
• Knowledge of some of the following programming languages: C++, C# and Typescript
• Experience with pentesting tools like Burp Suite Pro, OWASP Zed Attack Proxy
• Experience with exploit code creation for web and native (C/C++) vulnerabilities
• Experience in and knowledge of coding in Assembly language (for attack payload creation)

What We Offer:

• Competitive salary and benefits.
• Being an integral part of a world-leading software company providing solutions for architecture, engineering and construction.
• The opportunity to work within a global and diversely international team.
• A supportive and collaborative environment.
• Colleague Recognition Awards

Please note if you are employed full-time salary for this position ranges from 4000 EUR gross (before taxes).

#LI-LM1

Bentley is proud to be an equal opportunity employer and considers for employment all qualified applicants without regard to race, color, gender/gender identity, sexual orientation, disability, marital status, religion/belief, national origin, caste, age, or any other characteristic protected by local law or unrelated to job qualifications.