Share this Job

Application Security (AppSec) Engineer

Date: Jul 2, 2019

Location: Quebec, Quebec, CA, G1E 3L1

Company: Bentley Systems


Application Security (AppSec) Engineer


The candidate will be part of a dedicated software security team (AppSec) at Bentley Systems. The product security team’s main responsibility is the security of software created by Bentley.  This includes a wide variety of technologies: C#, JavaScript, Node.js, single-page applications and Electron applications, Azure cloud services, Java web applications, and more. The successful candidate will have the opportunity to learn skills such as cloud, Agile, DevOps, etc. and will work as part of a multinational, diverse team of remotely placed experts.


Location: Québec, QC




  • Attack and defend Bentley’s cloud platform and other products (server, desktop, mobile, etc.).
  • Identify and exploit vulnerabilities.
  • Develop automations and internal tools (e.g. scan in release pipeline).
  • Manage the bug bounty program.
  • Coordinate with a network of security champions to improve the security of our products.
  • Help colleagues in software development to improve coding in regard to security issues.          




  • Strong interest in software security and software development.
  • Methodical and detail-oriented but also curious enough to investigate anomalies when warranted.
  • Strong problem-solving capabilities using various technologies.
  • Team player.
  • Training in computer science, software engineering or related field of study or equivalent related experience.
  • 0-5 years of development or security experience.
  • Knowledge of web technologies (JavaScript, HTML5, HTTP, REST, SOAP, etc.), an asset.
  • Experience with web security or debugging tools (ex: capture with Fiddler, Wireshark, etc) , an asset.
  • Good knowledge of some of the following programming languages: C++, C# or Typescript, an asset.
  • Knowledge of OWASP Top10 or SANS Top 25, an asset.
  • Experience with pentesting tools like Burp Suite Pro, OWASP Zed Attack Proxy, an asset.
  • Experience with exploit code creation for web and native (C/C++) vulnerabilities, an asset.
  • Experience in and knowledge of coding in Assembly language (for attack payload creation), an asset.




d'attaque), un atout.

Job Segment: Application Engineering, Engineer, Software Engineer, Engineering