Cvent is a leading meetings, events, and hospitality technology provider with more than 4,800 employees and ~22,000 customers worldwide, including 53% of the Fortune 500. Founded in 1999, Cvent delivers a comprehensive event marketing and management platform for marketers and event professionals and offers software solutions to hotels, special event venues and destinations to help them grow their group/MICE and corporate travel business. Our technology brings millions of people together at events around the world. In short, we’re transforming the meetings and events industry through innovative technology that powers the human connection.

The DNA of Cvent is our people, and our culture has an emphasis on fostering intrapreneurship - a system that encourages Cventers to think and act like individual entrepreneurs and empowers them to take action, embrace risk, and make decisions as if they had founded the company themselves. At Cvent, we value the diverse perspectives that each individual brings. Whether working with a team of colleagues or with clients, we ensure that we foster a culture that celebrates differences and builds on shared connections.

You are an experienced, hands-on Application Security Engineer who’s passionate about building secure products, automating security workflows, and influencing development teams to embed security into the product development lifecycle. Whether you're ready to take ownership as a Lead Engineer, or growing your deep technical skills as a Senior Engineer, you're ready to make a measurable impact. You are required to be in the office for 2 days/week.

You excel at the core of Application Security—from secure design reviews, threat modeling to vulnerability discovery via penetration tests and remediation—and bring an engineering mindset that enhances your impact.
You’re also passionate about building internal tools, scripting automation, and scaling security practices across diverse tech stacks as part of Cvent’s Application Security Research & Engineering (ASRE) program.

You’ll build and automate security programs that scale across hundreds of apps and services. You’ll join the ASRE team to innovate at the forefront of Application Security. You’ll work with teams who take security seriously and give you the support to make meaningful change. You’ll grow in a role that offers both technical depth and leadership opportunities, depending on your experience and ambition.

• Integrate and scale security across the SDLC, embedding tools like SAST, DAST, and SCA within CI/CD pipelines.
• Perform threat modeling, secure code and design reviews, penetration testing and risk assessments for new and existing features—including cloud-native and AI/ML systems.
• Develop internal tools to automate security testing, support securing cloud-native applications using AWS CDK (CDF), and governance processes using scripting languages like Python, JavaScript, TypeScript, or similar.
• Collaborate with engineering teams to remediate vulnerabilities identified via scans, manual testing, or external assessments.
• Partner with product and engineering teams to improve the security posture of APIs, web apps, mobile apps, and infrastructure.
• Communicate risks clearly to technical and non-technical audiences and support compliance efforts with ISO 27001, SOC2, and PCI.
• Drive strategy and contribute to the roadmap for application security programs across multiple product lines.
• Mentor senior and junior engineers, conduct peer reviews, and champion a security-first mindset across teams.
• Lead complex, cross-functional security initiatives and represent Application Security in technical design decisions at the architecture level.
• Work closely with Product & Engineering leadership to prioritize security objectives in line with Cvent’s product roadmap.

• 8+ years of hands-on experience in application security or secure software development.
• Strong scripting/programming skills—able to automate tasks and build internal tools using Python, JavaScript, Bash, or similar.
• Experience with CI/CD toolchains and integration of security tools in SDLC.
• Strong familiarity with cloud platforms (AWS-preferred, GCP, or Azure) and principles of cloud-native security.
• Proficiency in security testing tools (e.g., BurpSuite, Checkmarx, Mend, Veracode, Fortify, ZAP, etc.).
• Strong grasp of OWASP Top 10, CWE, SANS Top 25, secure coding practices, and web application vulnerabilities.

• 6+ years of experience with increasing scope and leadership responsibilities in application security.
• Demonstrated ownership of security architecture, programs, or strategic initiatives across multiple teams.
• Proven track record of mentoring, leading by influence, and scaling security practices in product organizations.
• Deep experience in driving secure development transformations and partnering with engineering leadership.

Bonus if you have:
• Experience securing AI/ML pipelines and understanding of adversarial ML or model privacy concerns.
• Exposure to DevSecOps, SBOMs, IaC security, or supply chain risk management
• Security certifications such as AWS Certified Security - Specialty, AWS Certified Solutions Architect - Associate/Professional, CSSLP, OSWE, GWAPT, CISSP, or similar
Job Type
Fulltime role
Skills required
Python, JavaScript, CI/CD
Location
Tysons, Virginia
Salary
No salary information was found.
Date Posted
April 23, 2025
Cvent is seeking a Lead Application Security Engineer to enhance application security practices and embed security into the product development lifecycle. The role involves automating security workflows and collaborating with engineering teams to secure applications.