Bentley Systems describes itself as the world-leading provider of infrastructure software. The company serves the engineers and other professionals responsible
Division Security Champion
Location
Worldwide
Posted
18 days ago
Salary
0
Seniority
Mid Level
Job Description
Division Security Champion
Bentley Systems
Role Description Bentley Systems is seeking a director level, Division Security Champion to lead application security across the Asset Analytics division, encompassing cloud-native web applications and AI/ML-driven platforms. This senior leadership role drives Secure Software Development Lifecycle (SSDLC) practices, improves product risk posture, and ensures secure delivery across SaaS and AI systems. - Act as the division’s Security Champion, leading a distributed network of security champions - Define and execute AppSec strategy aligned with Bentley’s enterprise program - Measure and reduce application risk across the portfolio - Lead DevSecOps and SSDLC practices including threat modeling, architecture reviews, and vulnerability management - Secure AI/ML systems including model lifecycle, data protection, and MLOps integration - Oversee incident response, vulnerability remediation, forensics, post-mortems, and bug bounty processes - Manage third-party and open-source security risk - Build a security-first engineering culture across teams What Success Looks Like: - Consistent SSDLC adoption across all products - Reduced risk and faster remediation timelines - Effective security champion network - Secure delivery of cloud-native and AI-powered applications - Becoming the trusted security advisor for the division Qualifications - 10+ years of experience in application or development security roles - Security certifications such as CISSP, GIAC, or OSCP - Expertise in secure development, threat modeling, and cloud-native security including assessing security impact of PRs and using tools such as Burp Suite Pro to assess vulnerabilities - DevSecOps and CI/CD security experience - Strong cross-functional leadership and communication skills - Experience securing AI/ML systems or MLOps pipelines - Experience in container hardening or K8s security best practices - Experience with multi-tenant SaaS platforms - Experience with ISO27001, FedRAMP, SOC2, or similar frameworks Company Description
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Be the link between Information Security (IS) and the business. • Serve as the dedicated and ongoing Information Security point of contact for Product and Engineering squads. • Actively participate in team ceremonies, planning sessions and product reviews — not as an occasional guest, but as a relevant member of the conversation. • Translate security requirements into language and context that make sense for development teams, product managers (PMs) and product leaders. • Identify, assess, and communicate security risks clearly to non-technical stakeholders. • Build and track risk treatment plans with the areas, prioritizing based on real business impact. • Ensure Product and Engineering teams understand the risks they are assuming with each decision — and that those choices are made consciously. • Act as a facilitator between squads and the IAM team for access provisioning and reviews — removing friction while maintaining necessary controls. • Support teams in incorporating security practices throughout the development lifecycle (security by design, threat modeling, architecture reviews). • Act as a guide on compliance and Information Security policies, with a pragmatic view of the real needs of those building the products. • Foster a security culture that is perceived as an enabler, not an obstacle. • Promote continuous, contextualized security awareness for Product and Engineering teams. • Identify recurring risk patterns and propose systemic improvements, not just ad-hoc fixes.
Security & Compliance Engineer
Grant Street GroupGrant Street Group specializes in cloud-based government solutions for tax collection, e-payments, and auctions.
• Support the day-to-day security posture of systems and services across cloud and on-prem environments. • Review vulnerability findings from scanners, penetration tests, and other assessments, and help drive remediation to closure. • Partner with infrastructure, platform, and engineering teams on secure configuration, access control, logging, monitoring, and incident readiness. • Support compliance and assessment activities related to GovRAMP/FedRAMP, PCI DSS, internal reviews, and third-party examinations. • Use AWS security tooling effectively, support day-to-day security processes, and help translate security and compliance requirements into practical, durable operational outcomes. • Maintain documentation, procedures, and other operational artifacts so they stay aligned with the environment and current control expectations.
Security and Compliance Consultant
Planet TechnologiesFor 24 years, we have built our reputation on establishing trust. Trust with our clients and among our team.
• Serve as a primary technical lead on client engagements involving Microsoft security, compliance, and data protection solutions • Design and implement data security, governance, and compliance strategies aligned with Microsoft 365 and Azure capabilities • Advise clients on secure adoption of Microsoft Copilot, including data exposure risks, governance controls, and compliance considerations • Architect and deploy solutions leveraging tools such as: Microsoft Purview, Microsoft Defender suite and Microsoft Sentinel • Translate regulatory and compliance requirements into actionable technical solutions (e.g., ISO frameworks, government regulations, internal controls) • Conduct data discovery, classification, and protection strategy design • Collaborate with project managers and stakeholders to deliver high-quality outcomes • Contribute to pre-sales efforts, including solution design, scoping, and level-of-effort estimates • Create technical documentation, implementation guides, and client training materials • Act as a subject matter expert (SME) and mentor to other engineers • Develop and refine repeatable offerings around data security, compliance, and Copilot readiness • Stay current on evolving Microsoft security, compliance, and AI governance capabilities
Software Security Architect
NVIDIANVIDIA is committed to fostering an inclusive work environment and proud to be an equal opportunity employer. As we highly value diversity in our current and future employees, we do not discriminate (including in our hiring and promotion practices) on the basis of race, religion, color, national origin, gender, gender expression, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law.
• Define, analyze, and review secure software architectures for centralized automotive computing platforms • Perform threat modeling and security architecture analysis for mixed-criticality, multi-tenant automotive software systems • Partner with safety architects to reason about the interaction between security controls, safety mechanisms, failure modes, and recovery behavior • Define OS security policy, access control, isolation, and privilege models across Android, Linux, QNX, and virtualized environments • Build security systems that maintain integrity and availability for safety-critical vehicle software • Analyze security trade-offs involving performance, latency, memory footprint, boot time, diagnosability, and functional safety requirements • Guide engineering teams on secure build, secure coding, threat mitigation, and security review practices • Collaborate across software, hardware, safety, security, and systems teams to meet NVIDIA and automotive industry standards




