The candidate will be part of a software security team (AppSec) at Bentley Systems. The product security team’s main responsibility is the security of software created by Bentley. This includes hundreds of products in a wide variety of contexts and technologies: Cloud, Desktop, Mobile, C#, JavaScript, Node.js, single-page applications and Electron applications, Azure cloud services, Java web applications, and more. The successful candidate will have the opportunity to work in a truly DevSecOps environment and will work as part of a multinational, diverse team of remotely placed experts.

Responsibilities

• Continuous learning and researching advanced AppSec topics.
• Attack and defend Bentley’s cloud platform and other products (server, desktop, mobile, etc.).
• Identify and exploit vulnerabilities.
• Develop automations and internal tools (e.g. scan in release pipeline).
• Manage the bug bounty program.
• Coordinate with a network of security champions to improve the security of our products.
• Help colleagues in software development to improve coding.      

Required Skills

• Strong interest in software security and software development.
• Training in computer science, software engineering or related field of study or equivalent related experience
• 5+ years of development or security experience
• Methodical and detail-oriented but also curious enough to investigate anomalies when warranted
• Strong problem-solving capabilities using various technologies

Desired Skills

• In depth knowledge of OWASP Top10 and SANS Top 25
• Knowledge of heap exploitation techniques (especially Window heap)
• Knowledge of one or more Windows debuggers (ie: windbg, x64dbg)
• Knowledge of fuzzing tools
• Knowledge of web technologies (JavaScript, HTML5, HTTP, REST, SOAP, etc.)
• Knowledge of web security and debugging tools (ex: capture with Fiddler, Wireshark, etc)
• Knowledge of some of the following programming languages: C++, C# and Typescript
• Experience with pentesting tools like Burp Suite Pro, OWASP Zed Attack Proxy
• Experience with exploit code creation for web and native (C/C++) vulnerabilities
• Experience in and knowledge of coding in Assembly language (for attack payload creation)

What You’ll Get:

• Possibility to be a part of an amazing international team 

• Valuable experience on latest technologies 

• Training and professional development opportunities (certifications programs, conferences and etc.)

• Challenging and interesting tasks at work every day, opportunity to work with highly skilled professionals on next generation software 

• Making a positive impact to the world by creating future infrastructure

• Work environment that suits concentration as well as teamwork 

• Additional annual leave days and extra paid days for different occasions (marriage, moving day, bereavement leave and etc.) 

• Premium health insurance package

• Referral program with bonus starting with 1000 Eur. gross

• Opportunity to join Bentley’s employee stock purchase plan

• Possibility to choose 3rd pillar pension coverage

• Extra paid day for volunteering in organisation of your choice

• Talent’s recognition program

• Ability where to work from: office or home

• Pet-friendly office

• Team’s and company’s social events

• Areas for leisure time (games tables, Xbox, library) in offices

Please note if you are employed full-time salary for this position ranges from 5500 EUR gross (before taxes).
 
Equal Opportunity Employer. We are proud to be an equal opportunity employer and consider for employment all qualified applicants without regard to race, color, gender/gender identity, sexual orientation, disability, marital status, religion/belief, national origin, caste, age, or any other characteristic protected by local law or unrelated to job qualifications.

#LI-LM1