Senior Principal AppSec Architect at Bentley Systems

Title: Senior/Principal AppSec Architect

About Bentley Systems

Bentley Systems (Nasdaq: BSY) is the infrastructure engineering software company. We provide innovative software to advance the world’s infrastructure – sustaining both the global economy and environment. Our industry-leading software solutions are used by professionals, and organizations of every size, for the design, construction, and operations of roads and bridges, rail and transit, water and wastewater, public works and utilities, buildings and campuses, and industrial facilities. Our offerings include MicroStation-based applications for modeling and simulation, ProjectWise for project delivery, AssetWise for asset and network performance, and the iTwin platform for infrastructure digital twins. Bentley Systems employs more than 4,000 colleagues and generates annual revenues of more than $700 million, in 172 countries. www.bentley.com

Senior/Principal AppSec Architect

Bentley Systems is seeking a talented Senior/Principal Application Security Architect to become a valued member of our dedicated software security team (AppSec). The product security team’s main responsibility is the security of software created by Bentley. This includes a wide variety of technologies: C#, JavaScript, Node.js, single-page applications and Electron applications, Azure cloud services, Java web applications, and more. The successful candidate will have the opportunity to learn skills such as cloud, Agile, DevOps, etc. and will work as part of a multinational, diverse team of remotely placed experts.

Location: United States, Virtual. Qualified candidate may work virtually from a home office, with availability during normal business hours in Eastern time zone.

Responsibilities:

• Define security best practices and standards.
• Perform code and/or security design reviews of applications.
• Work independently with developers to ensure secure design, development, implementation, and verification of applications.
• Provide remediation guidance and recommendations to developers and administrators.
• Lead Secure Software Development Lifecycle best practices and standards.
• Document threat models and threat mitigation options.
• Lead or participate in threat modeling software systems.
• Help stakeholders make risk-based decision.
• Train developers and create educational presentations.
• Develop tools and automation supporting the responsibilities.

Qualifications – Required

• Minimum 5 years of development and security experience
• Proficiency in reading, writing, and auditing C# & JavaScript and the ability to learn new languages/technologies
• Experience with threat modeling software systems
• Familiarity with common vulnerabilities and attack vectors
• Proficiency in database technologies
• Strong problem-solving capabilities using various technologies
• Capability to research a new topic and to learn quickly
• Experience breaking down complex systems and applications to find flaws
• Ability to communicate, verbally and in writing, complicated technical issues and the risks they pose to developers and management
• Ability to communicate, verbally and in writing, software architecture, design, and implementation concepts.

Desired

• Knowledge of web technologies (JavaScript, HTML5, HTTP, REST, SOAP, etc.).
• Good knowledge of some of the following programming platforms/languages: Electron, .Net Core, Node.js, C#, JavaScript/TypeScript, C/C++.
• Knowledge of OWASP Top10 or SANS Top 25.
• Knowledge of OAuth 2.0/OpenID Connect.
• Knowledge of cloud technologies, preferably Azure.
• Knowledge of containerization solutions, such as Kubernetes, Docker, and Istio.
• Ability to make risk-based decisions that include both technical and business impact.

Equal Opportunity Employer/Minorities/Females/Veterans/Disabled

Bentley is an equal opportunity employer and considers for employment all qualified applicants without regard to race, color, sex, sexual orientation, gender identity, disability, protected veteran status, religion, national origin, age or any other protected characteristic. Additional information about your rights as an applicant under the law may be found by clicking here and here.

Bentley participates in e-Verify / Bentley participa en e-Verify

Right to Work / Derecho a Trabajar

We encourage you to request a reasonable accommodation if you are not able to fully use or access our online application system. You can make an accommodation request by calling 610-458-5000 or sending us an email at disabilityrequest@bentley.com.

Search Firm Disclosure:

Please be aware Bentley is not accepting unsolicited assistance from search firms for this employment opportunity. This includes any phone calls or emails. All resumes submitted by search firms to any employee at Bentley via-email, the Internet (including social media) or in any form and/or method for this specific position in the absence of a written recruiting agreement executed by both you and/or your firm and Bentley will be deemed the sole property of Bentley and no fee will be paid in the event the candidate is hired by Bentley.