Division Security Champion – Asset Analytics
Bentley Systems | Location: Flexible / US-Remote
Role Summary
Bentley Systems is seeking a director level, Division Security Champion to lead application security across the Asset Analytics division, encompassing cloud-native web applications and AI/ML-driven platforms. This senior leadership role drives Secure Software Development Lifecycle (SSDLC) practices, improves product risk posture, and ensures secure delivery across SaaS and AI systems.
Responsibilities
• Act as the division’s Security Champion, leading a distributed network of security champions
• Define and execute AppSec strategy aligned with Bentley’s enterprise program
• Measure and reduce application risk across the portfolio
• Lead DevSecOps and SSDLC practices including threat modeling, architecture reviews, and vulnerability management
• Secure AI/ML systems including model lifecycle, data protection, and MLOps integration
• Oversee incident response, vulnerability remediation, forensics, post-mortems, and bug bounty processes
• Manage third-party and open-source security risk
• Build a security-first engineering culture across teams
What Success Looks Like
• Consistent SSDLC adoption across all products
• Reduced risk and faster remediation timelines
• Effective security champion network
• Secure delivery of cloud-native and AI-powered applications
• Becoming the trusted security advisor for the division
Qualifications
Required
• 10+ years of experience in application or development security roles
• Security certifications such as CISSP, GIAC, or OSCP
• Expertise in secure development, threat modeling, and cloud-native security including assessing security impact of PRs and using tools such as Burp Suite Pro to assess vulnerabilities
• DevSecOps and CI/CD security experience
• Strong cross-functional leadership and communication skills
Preferred
• Experience securing AI/ML systems or MLOps pipelines
• Experience in container hardening or K8s security best practices
• Experience with multi-tenant SaaS platforms
• Experience with ISO27001, FedRAMP, SOC2, or similar frameworks
#LI-CS1 #LI-REMOTE