Application Security Engineer - Attacker/Pentester

Date: May 17, 2023

Location: Pune, IN

Company: Bentley Systems

Application Security  (AppSec) Engineer - Attacker/Pentester



Location: Remote, India


Position Summary:


The candidate will be part of a dedicated software security team (AppSec) at Bentley Systems. The product security team’s main responsibility is the security of software created by Bentley.  This includes a wide variety of technologies: C#, JavaScript, Node.js, single-page applications and Electron applications, Azure cloud services, k8s, and more. The successful candidate will have the opportunity to learn skills such as cloud, Agile, DevOps, etc. and will work as part of a multinational, diverse team of remotely placed experts.





  • Attack and defend Bentley’s cloud platform and other products (server, desktop, mobile, etc.).
  • Identify and exploit vulnerabilities.
  • Develop automations and internal tools (e.g. scan in release pipeline).
  • Support the bug bounty program.
  • Coordinate with a network of security champions to improve the security of our products.
  • Help colleagues in software development to improve coding in regard to security issues.   



Required Knowledge, Skills, Abilities, and Experience:


  • Strong interest in software security and software development.
  • Training in computer science, software engineering or related field of study or equivalent related experience
  • 5 +ears of development or security experience
  • Methodical and detail-oriented but also curious enough to investigate anomalies when warranted
  • Strong problem-solving capabilities using various technologies
  • Team player
  • Knowledge of web technologies (JavaScript, HTML5, HTTP, REST, SOAP, etc.)
  • Experience with web security or debugging tools (ex: capture with Fiddler, Wireshark, etc)
  • Good knowledge of some of the following programming languages: C++, C# or Typescript
  • Knowledge of OWASP Top10 or SANS Top 25
  • Experience with pentesting tools like Burp Suite Pro, OWASP Zed Attack Proxy
  • Experience with exploit code creation for web and native (C/C++) vulnerabilities
  • Experience in and knowledge of coding in Assembly language (for attack payload creation



What We Offer:


  • A great Team and culture – please see our Recruitment Video.
  • An exciting career as an integral part of a world-leading software company providing solutions for architecture, engineering, and construction.
  • Competitive Salary and benefits.
  • The opportunity to work within a global and diversely international team.
  • A supportive and collaborative environment.
  • Colleague Recognition Awards.



About Bentley Systems

Bentley Systems (Nasdaq: BSY) is the infrastructure engineering software company. We provide innovative software to advance the world's infrastructure – sustaining both the global economy and environment. Our industry-leading software solutions are used by professionals, and organizations of every size, for the design, construction, and operations of roads and bridges, rail and transit, water and wastewater, public works and utilities, buildings and campuses, mining, and industrial facilities. Our offerings include MicroStation-based applications for modeling and simulation, ProjectWise for project delivery, AssetWise for asset and network performance, Seequent's leading geoprofessional software portfolio, and the iTwin platform for infrastructure digital twins. Bentley Systems employs more than 4,500 colleagues and generates annual revenues of approximately $1 billion in 186 countries.


Equal Opportunity Employer

Bentley is proud to be an equal opportunity employer and considers for employment all qualified applicants without regard to race, color, gender/gender identity, sexual orientation, disability, marital status, religion/belief, national origin, caste, age, or any other characteristic protected by local law or unrelated to job qualifications.

Job Segment: Application Engineering, Construction, Software Engineer, Engineer, Water Treatment, Engineering