AppSec Architect (Threat-Model)

Location: Office-Based / Home-Based / Hybrid- India

Position Summary:

The candidate will be part of a dedicated software security team (AppSec) at Bentley Systems. The product security team’s main responsibility is the security of software created by Bentley.  This includes a wide variety of technologies: C#, Typescript, JavaScript, Node.js, single-page applications and Electron applications, Azure cloud services, K8s, and more. The successful candidate will have the opportunity to learn skills such as cloud, Agile, Dev(Sec)Ops, etc. and will work as part of a multinational, diverse team of remotely placed experts.

Your Day-to-Day:

• Major (75% of time):
  • Threat-model applications
• Minor (25% of time):
  • Define security best practices and standards.
  • Perform security architecture and design reviews of applications.
  • Work independently with developers to ensure secure design, development, implementation, and verification of applications.
  • Provide remediation guidance and recommendations to developers and administrators.
  • Lead Secure Software Development Lifecycle best practices and standards.
  • Participate in and advance threat modeling practices.
  • Help stakeholders make risk-based decisions.
  • Train developers and create educational presentations.
  • Develop tools and automation supporting responsibilities.

What You Bring to The Team:

Qualifications - Required

• Strong interest in software security and development.
• Strong problem-solving capabilities using various technologies.
• Capability to research a new topic and to learn quickly.
• Experience breaking down complex systems and applications to identify threats.
• Excellent ability to communicate, verbally and in writing, complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management.
• Proficiency in reading, writing, and auditing code and the ability to learn new languages/technologies.
• Demonstrated proficiency in cloud and web technologies.
• 5-7 years of development experience
• 2+ years development lead experience.

 Qualifications - Preferred

• 1-2 years of application security experience.
• Experience threat modeling software systems.
• Experience applying OWASP Top10 or SANS Top 25.
• Experience with OAuth 2.0/OpenID Connect.

Optional skills:

• Relevant security certifications (CCSP, CISSP, CEH, etc.)
• Knowledge of containerization solutions, such as Kubernetes, Docker, and Istio.

What We Offer:

• Step into a collaborative work environment where ideas flourish, and teamwork propels us forward towards shared success; see our colleague video for a taste of our culture and watch this short documentary about how we got our start.
• An attractive salary and benefits package.
• Bentley Impact Day: take a day off from work to volunteer with an organization of your choice.
• Celebrate milestone achievements and moments that matter through our colleague recognition award programs and our Bentley Achievers platform.  
• A commitment to inclusion, belonging and colleague wellbeing through global initiatives and resource groups.
• Be part of a company committed to making a real difference by advancing the world’s infrastructure for better quality of life, where your contributions help build a more sustainable, connected, and resilient world. Discover our latest user success stories for an insight into our global impact.

About Bentley Systems:

Bentley Systems (Nasdaq: BSY) is the infrastructure engineering software company. We provide innovative software to advance the world’s infrastructure – sustaining both the global economy and environment. Our industry-leading software solutions are used by professionals, and organizations of every size, for the design, construction, and operations of roads and bridges, rail and transit, water and wastewater, public works and utilities, buildings and campuses, mining, and industrial facilities. Our offerings, powered by the iTwin Platform for infrastructure digital twins, include MicroStation and Bentley Open applications for modeling and simulation, Seequent’s software for geoprofessionals, and Bentley Infrastructure Cloud encompassing ProjectWise for project delivery, SYNCHRO for construction management, and AssetWise for asset operations. Bentley Systems’ 5,200 colleagues generate annual revenues of more than $1 billion in 194 countries.

www.bentley.com

Equal Opportunity Employer:

Bentley is proud to be an equal opportunity employer and considers for employment all qualified applicants without regard to race, color, gender/gender identity, sexual orientation, disability, marital status, religion/belief, national origin, caste, age, or any other characteristic protected by local law or unrelated to job qualifications.