Cvent
Senior/Lead Application Security Engineer
Overview
We are seeking an experienced, hands-on Application Security Engineer with a passion for building secure products, automating security workflows, and influencing development teams to embed security into the product development lifecycle. Whether taking ownership as a Lead Engineer or growing deep technical skills as a Senior Engineer, there is an opportunity to make a measurable impact. Excelling at core Application Security tasks, from secure design reviews and threat modeling to vulnerability discovery via penetration tests and remediation, is crucial. Additionally, there is a passion for building internal tools, scripting automation, and scaling security practices across diverse tech stacks as part of Cvent's Application Security Research & Engineering (ASRE) program.

Great Opportunity To
Build and automate security programs that scale across hundreds of apps and services.
Join the ASRE team to innovate at the forefront of Application Security.
Work with teams who prioritize security and support meaningful change.
Grow in a role offering both technical depth and leadership opportunities.

In This Role, You Will
Integrate and scale security across the SDLC, embedding tools like SAST, DAST, and SCA within CI/CD pipelines.
Perform threat modeling, secure code and design reviews, penetration testing, and risk assessments for new and existing features, including cloud-native and AI/ML systems.
Develop internal tools to automate security testing, support securing cloud-native applications using AWS CDK (CDF), and governance processes using scripting languages like Python, JavaScript, TypeScript, or similar.
Collaborate with engineering teams to remediate vulnerabilities identified via scans, manual testing, or external assessments.
Partner with product and engineering teams to improve the security posture of APIs, web apps, mobile apps, and infrastructure.
Communicate risks clearly to technical and non-technical audiences and support compliance efforts with ISO 27001, SOC2, and PCI.

If Hired At The Lead Level, You Will Also
Drive strategy and contribute to the roadmap for application security programs across multiple product lines.
Mentor senior and junior engineers, conduct peer reviews, and champion a security-first mindset across teams.
Lead complex, cross-functional security initiatives and represent Application Security in technical design decisions at the architecture level.
Work closely with Product & Engineering leadership to prioritize security objectives in line with Cvent's product roadmap.

Here's What You Need

Minimum Qualifications (for Senior)
6+ years of hands-on experience in application security or secure software development.
Strong scripting/programming skills, able to automate tasks and build internal tools using Python, JavaScript, Bash, or similar.
Experience with CI/CD toolchains and integration of security tools in SDLC.
Strong familiarity with cloud platforms (AWS preferred, GCP, or Azure) and principles of cloud-native security.
Proficiency in security testing tools (e.g., BurpSuite, Checkmarx, Mend, Veracode, Fortify, ZAP, etc.).
Strong grasp of OWASP Top 10, CWE, SANS Top 25, secure coding practices, and web application vulnerabilities.

Additional Expectations (for Lead)
8+ years of experience with increasing scope and leadership responsibilities in application security.
Demonstrated ownership of security architecture, programs, or strategic initiatives across multiple teams.
Proven track record of mentoring, leading by influence, and scaling security practices in product organizations.
Deep experience in driving secure development transformations and partnering with engineering leadership.

Bonus If You Have
Experience securing AI/ML pipelines and understanding of adversarial ML or model privacy concerns.
Exposure to DevSecOps, SBOMs, IaC security, or supply chain risk management.
Security certifications such as AWS Certified Security - Specialty, AWS Solutions Architect (Associate/Professional), CSSLP, OSWE, GWAPT, CISSP, or similar.

Physical Demands: We are not able to offer sponsorship for this position.