Posted 2h ago

Division Security Champion (Exton, PA, US)

@ Bentley Systems
Exton or United States
Onsite, Full Time
Responsibilities: leading champions, defining strategy, securing applications
Requirements Summary: Director-level application security role requiring 10+ years in app/dev security, security certifications (CISSP, GIAC, OSCP), expertise in SSDLC, threat modeling, DevSecOps/CI/CD, cloud-native and AI/ML security, and leadership across distributed teams.
Technical Tools Mentioned: Burp Suite Pro, K8s, CI/CD, DevSecOps, MLOps, AI/ML, SaaS, cloud-native, ISO27001, FedRAMP, SOC2
Job Description

Division Security Champion – Asset Analytics


Bentley Systems | Location: Flexible / Global



Role Summary


Bentley Systems is seeking a director-level Division Security Champion to lead application security across the Asset Analytics division, encompassing cloud-native web applications and AI/ML-driven platforms. This senior leadership role drives Secure Software Development Lifecycle (SSDLC) practices, improves product risk posture, and ensures secure delivery across SaaS and AI systems.



Responsibilities



  • Act as the division’s Security Champion, leading a distributed network of security champions

  • Define and execute AppSec strategy aligned with Bentley’s enterprise program

  • Measure and reduce application risk across the portfolio

  • Lead DevSecOps and SSDLC practices including threat modeling, architecture reviews, and vulnerability management

  • Secure AI/ML systems including model lifecycle, data protection, and MLOps integration

  • Oversee incident response, vulnerability remediation, forensics, post-mortems, and bug bounty processes

  • Manage third-party and open-source security risk

  • Build a security-first engineering culture across teams



What Success Looks Like



  • Consistent SSDLC adoption across all products

  • Reduced risk and faster remediation timelines

  • Effective security champion network

  • Secure delivery of cloud-native and AI-powered applications

  • Becoming the trusted security advisor for the division



Qualifications


Required



  • 10+ years of experience in application or development security roles

  • Security certifications such as CISSP, GIAC, or OSCP

  • Expertise in secure development, threat modeling, and cloud-native security, including assessing the security impact of PRs and using tools such as Burp Suite Pro to assess vulnerabilities

  • DevSecOps and CI/CD security experience

  • Strong cross-functional leadership and communication skills



Preferred



  • Experience securing AI/ML systems or MLOps pipelines

  • Experience in container hardening or K8s security best practices

  • Experience with multi-tenant SaaS platforms

  • Experience with ISO27001, FedRAMP, SOC2, or similar frameworks