About Bentley Systems 

Bentley Systems is the leading global provider of software solutions to engineers, architects, geospatial professionals, constructors, and owner-operators for the design, construction, and operations of infrastructure, including public works, utilities, industrial plants, and digital cities. Bentley’s MicroStation-based open modeling applications, and its open simulation applications, accelerate design integration; its ProjectWise and SYNCHRO offerings accelerate project delivery; and its AssetWise offerings accelerate asset and network performance. Spanning infrastructure engineering, Bentley’s iTwin Services are fundamentally advancing BIM and GIS to 4D digital twins.

Bentley Systems employs more than 3,500 colleagues, generates annual revenues of $700 million in 170 countries, and has invested more than $1 billion in research, development, and acquisitions since 2014. From inception in 1984, the company has remained majority-owned by its five founding Bentley brothers.

 

 

 

Intern in an Application Security (AppSec) Team

 

The candidate will be part of a software security team (AppSec) at Bentley Systems. The product security team’s main responsibility is the security of software created by Bentley. This includes hundreds of products in a wide variety of contexts and technologies: Cloud, Desktop, Mobile, C#, JavaScript, Node.js, single-page applications and Electron applications, Azure cloud services, Java web applications, and more. The successful candidate will have the opportunity to work in a truly DevSecOps environment and will work as part of a multinational, diverse team of remotely placed experts.

 

Responsibilities

• Attack and defend Bentley’s cloud platform and other products (server, desktop, mobile, etc.).
• Develop automations and internal tools (e.g. scan in release pipeline).
• Identify and exploit vulnerabilities.
• Coordinate with a network of security champions to improve the security of our products.
• Help colleagues in software development to improve coding.      

 

Required Skills

• Strong interest in software security and software development.
• Training in computer science, software engineering or related field
• Methodical and detail-oriented but also curious enough to investigate anomalies when warranted
• Strong problem-solving capabilities using various technologies

 

Desired Skills

• Knowledge of OWASP Top10 and SANS Top 25
• Knowledge of web technologies (JavaScript, HTML5, HTTP, REST, SOAP, etc.)
• Knowledge of web security and debugging tools (ex: capture with Fiddler, Wireshark, etc)
• Knowledge of some of the following programming languages: C++, C#, Assembly or Typescript
• Knowledge of pentesting tools like Burp Suite Pro, OWASP Zed Attack Proxy

 

Stagiaire dans une équipe de sécurité des applications (AppSec)

 

Le candidat fera partie d'une équipe de sécurité logicielle dédiée (AppSec) chez Bentley Systems. La principale responsabilité de l'équipe de sécurité des produits est la sécurité des logiciels créés par Bentley. Cela comprend des centaines de produits et une grande variété de technologies : Cloud, Desktop, Mobile, C#, JavaScript, Node.js, applications à page unique (SPA), Electron, services Azure cloud, etc. Le candidat retenu aura l'occasion de travailler dans un environnement réellement DevSecOps et fera partie d'une équipe multinationale diversifiée d'experts.

 

Responsabilités

• Attaque des plateformes clouds de Bentley et autres produits (serveur, desktop, mobile, etc.)
• Automatisation et développements d’outils internes (ex : scan du pipeline de déploiement).
• Identifier et exploiter des vulnérabilités.
• Travailler avec un réseau de champions de la sécurité pour améliorer la sécurité de nos produits.
• Aider les développeurs à améliorer leur code pour qu’il soit plus sécuritaire.

 

Requis

• Intérêt marqué pour la sécurité et le développement de logiciels.
• Formation en informatique, en génie logiciel ou dans un domaine d'études connexe.
• Méthodique et minutieux, mais aussi assez curieux pour enquêter sur les anomalies lorsque cela est justifié.
• Solides capacités de résolution de problèmes à l'aide de diverses technologies.

 

Atouts

• Connaissance du Top 10 de l'OWASP et du Top 25 de SANS.
• Connaissance des technologies web (JavaScript, HTML5, HTTP, REST, SOAP, etc.).
• Connaissance de la sécurité web des outils de débogage (ex : capture avec Fiddler, Wireshark, etc).
• Connaissance de certains des langages de programmation suivants : C++, C#, Assembleur et Typescript.
• Connaissance des outils de pentests comme Burp Suite Pro, OWASP Zed Attack Proxy.

 

 

Equal Opportunity Employer/Minorities/Females/Veterans/Disabled

Bentley is an equal opportunity employer and considers for employment all qualified applicants without regard to race, color, sex, disability, protected veteran status, religion, national origin, age or any other protected characteristic.  Additional information about your rights as an applicant under the law may be found by clicking here and here.

 

Bentley participates in e-Verify / Bentley participa en e-Verify

 

Right to Work / Derecho a Trabajar

We encourage you to request a reasonable accommodation  if you are not able to fully use or access our online application system.   You can make an accommodation request by calling 610-458-5000 or sending us an email at disabilityrequest@bentley.com. 

 

Search Firm Disclosure:
Please be aware Bentley is not accepting unsolicited assistance from search firms for this employment opportunity. This includes any phone calls or emails. All resumes submitted by search firms to any employee at Bentley via-email, the Internet (including social media) or in any form and/or method for this specific position in the absence of a written recruiting agreement executed by both you and/or your firm and Bentley will be deemed the sole property of Bentley and no fee will be paid in the event the candidate is hired by Bentley.