Share this Job

Associate Application Security Engineer

Date: Jan 14, 2022

Location: Dingwall, SCT, GB, IV15 9XL

Company: Bentley Systems

Location: Dingwall, UK


Position Summary:


The candidate will be part of Enterprise Systems with direct links to a dedicated software security team (AppSec) at Bentley Systems. The principal responsibility of the AppSec team is to secure Bentley’s code. This includes hundreds of products in a wide variety of contexts and technologies: Cloud, Desktop, Mobile, C#, JavaScript, Node.js, single-page applications and Electron applications, Azure cloud services, Java web applications, and more. The successful candidate will have the opportunity to work in a truly DevSecOps environment and will work as part of a multinational, diverse team of remotely placed experts.


Your Day-to-Day:


  • Continuous learning and researching advanced AppSec topics.
  • Attack and defend Bentley’s cloud platform and other products (server, desktop, mobile, etc.).
  • Identify and exploit vulnerabilities.
  • Develop automations and internal tools (e.g. scan in release pipeline).
  • Coordinate with a network of security champions to improve the security of our products.
  • Help colleagues in software development to improve coding.   


What You Bring to The Team:


  • Strong interest in software security and software development required.
  • Training in computer science, software engineering or related field of study or equivalent related experience preferred. 
  • Methodical and detail-oriented but also curious enough to investigate anomalies when warranted required.
  • Strong problem-solving capabilities using various technologies required.


Desired Skills:


  • In depth knowledge of OWASP Top10 and SANS Top 25.
  • Knowledge of heap exploitation techniques (especially Window heap).
  • Knowledge of one or more Windows debuggers (ie: windbg, x64dbg).
  • Knowledge of fuzzing tools.
  • Knowledge of web technologies (JavaScript, HTML5, HTTP, REST, SOAP, etc.).
  • Knowledge of web security and debugging tools (ex: capture with Fiddler, Wireshark, etc).
  • Knowledge of some of the following programming languages: C++, C# and Typescript.
  • Experience with pentesting tools like Burp Suite Pro, OWASP Zed Attack Proxy.
  • Experience with exploit code creation for web and native (C/C++) vulnerabilities.
  • Experience in and knowledge of coding in Assembly language (for attack payload creation).



What We Offer:


  • A great Team and culture – please see our Recruitment Video.
  • An exciting career as an integral part of a world-leading software company providing solutions for architecture, engineering, and construction.
  • Competitive Salary and benefits.
  • The opportunity to work within a global and diversely international team.
  • A supportive and collaborative environment.
  • Colleague Recognition Awards.



Who We Are:


Bentley Systems (Nasdaq: BSY) is the infrastructure engineering software company. We provide innovative software to advance the world's infrastructure – sustaining both the global economy and environment. Our industry-leading software solutions are used by professionals, and organizations of every size, for the design, construction, and operations of roads and bridges, rail and transit, water and wastewater, public works and utilities, buildings and campuses, mining, and industrial facilities. Our offerings include MicroStation-based applications for modeling and simulation, ProjectWise for project delivery, AssetWise for asset and network performance, Seequent's leading geosciences software portfolio, and the iTwin platform for infrastructure digital twins. Bentley Systems employs more than 4,000 colleagues and generates annual revenues of more than $800 million in 172 countries.​​


Equal Opportunity Employer:


Bentley is proud to be an equal opportunity employer and considers for employment all qualified applicants without regard to race, color, gender/gender identity, sexual orientation, disability, marital status, religion/belief, national origin, caste, age, or any other characteristic protected by local law or unrelated to job qualifications.



Job Segment: Application Engineering, Engineer, Construction, Software Engineer, Water Treatment, Engineering