About the position
Bentley Systems is seeking a director level, Division Security Champion to lead application security across the Asset Analytics division, encompassing cloud-native web applications and AI/ML-driven platforms. This senior leadership role drives Secure Software Development Lifecycle (SSDLC) practices, improves product risk posture, and ensures secure delivery across SaaS and AI systems.
Responsibilities
• Act as the division’s Security Champion, leading a distributed network of security champions
• Define and execute AppSec strategy aligned with Bentley’s enterprise program
• Measure and reduce application risk across the portfolio
• Lead DevSecOps and SSDLC practices including threat modeling, architecture reviews, and vulnerability management
• Secure AI/ML systems including model lifecycle, data protection, and MLOps integration
• Oversee incident response, vulnerability remediation, forensics, post-mortems, and bug bounty processes
• Manage third-party and open-source security risk
• Build a security-first engineering culture across teams
Requirements
• 10+ years of experience in application or development security roles
• Security certifications such as CISSP, GIAC, or OSCP
• Expertise in secure development, threat modeling, and cloud-native security including assessing security impact of PRs and using tools such as Burp Suite Pro to assess vulnerabilities
• DevSecOps and CI/CD security experience
• Strong cross-functional leadership and communication skills
Nice-to-haves
• Experience securing AI/ML systems or MLOps pipelines
• Experience in container hardening or K8s security best practices
• Experience with multi-tenant SaaS platforms
• Experience with ISO27001, FedRAMP, SOC2, or similar frameworks