Application Security Engineer (Defender)

We are seeking a passionate and skilled Application Security Engineer to join our global Product Security team. As part of a collaborative group of AppSec experts, you’ll play a vital role in protecting our innovative software solutions. This is a unique opportunity to work at the forefront of cybersecurity, helping shape secure development practices across a wide range of technologies—from C#, Typescript, JavaScript, single-page applications and Electron applications, Azure cloud services, K8s, and more.

• Conduct manual security code reviews to identify vulnerabilities.
• Collaborate with developers to ensure secure design, implementation, and verification of applications.
• Provide remediation guidance and actionable recommendations.
• Help define and promote Secure Software Development Lifecycle (SSDLC) best practices.
• Support stakeholders in making risk-based security decisions.
• Deliver training sessions and create educational materials for development teams.
• Build tools and automation to streamline security processes.

• 3+ years of experience in software development and security, with a strong focus on manual code review and white-box vulnerability analysis.
• Proficiency in reading, writing, and auditing code across multiple languages and platforms.
• Strong analytical skills and a passion for software security and secure coding practices.
• Experience with web technologies (JavaScript, HTML5, HTTP, REST, SOAP).
• Familiarity with programming languages such as .NET Core, C#, Java, TypeScript, C / C++.
• Solid understanding of OWASP Top 10, SANS Top 25, and common security flaws.
• Hands-on experience with cloud technologies (Azure preferred).
• Proficiency in containerization using Kubernetes and Docker.
• Ability to quickly learn new technologies and conduct independent research.

• Experience with OAuth / OpenID Connect.
• Ability to exploit vulnerabilities (deserialization, HTTP smuggling).
• Interest in fuzzing, reverse engineering, and crash analysis.
• Relevant certifications such as CCSP, CISSP, CEH, or similar.

• A great Team and culture – please see our colleague video.
• An exciting career as an integral part of a world-leading software company providing solutions for architecture, engineering, and construction - watch this documentary about how we got our start.
• An attractive salary and benefits package.
• A commitment to inclusion, belonging, and colleague wellbeing through global initiatives and resource groups.
• A company committed to making a real difference by advancing the world’s infrastructure for a better quality of life, where your contributions help build a more sustainable, connected, and resilient world. Discover our latest user success stories for an insight into our global impact.
• Please note that this information applies only to Lithuania. If you are employed full-time, the salary for this position ranges from 4000 EUR gross (before taxes, applicable only in Lithuania), depending on your knowledge and experience.

Around the world, infrastructure professionals rely on software from Bentley Systems to help them design, build, and operate better and more resilient infrastructure for transportation, water, energy, cities, and more. Founded in 1984 by engineers for engineers, Bentley is the partner of choice for engineering firms and owner-operators worldwide, with software that spans engineering disciplines, industry sectors, and all phases of the infrastructure lifecycle. Through our digital twin solutions, we help infrastructure professionals unlock the value of their data to transform project delivery and asset performance.