Lead Application Security Engineer
Company: Cvent
Location: Dunn Loring, VA 22027
Description:
Overview:
We are seeking an experienced, hands-on Application Security Engineer with a passion for building secure products, automating security workflows, and influencing development teams to embed security into the product development lifecycle. Whether taking ownership as a Lead Engineer or growing deep technical skills as a Senior Engineer, there is an opportunity to make a measurable impact.
Excelling at the core of Application Security, from secure design reviews and threat modeling to vulnerability discovery via penetration tests and remediation, is crucial, coupled with an engineering mindset that enhances overall impact. We also look for a passion for building internal tools, scripting automation, and scaling security practices across diverse tech stacks as part of Cvent's Application Security Research & Engineering (ASRE) program.
Great Opportunity To:
- Build and automate security programs that scale across hundreds of apps and services.
- Join the ASRE team to innovate at the forefront of Application Security.
- Work with teams who take security seriously and give you the support to make meaningful change.
- Grow in a role that offers both technical depth and leadership opportunities, depending on your experience and ambition.
In This Role, You Will:
- Integrate and scale security across the SDLC, embedding tools like SAST, DAST, and SCA within CI/CD pipelines.
- Perform threat modeling, secure code and design reviews, penetration testing and risk assessments for new and existing features, including cloud-native and AI/ML systems.
- Develop internal tools to automate security testing, support securing cloud-native applications using AWS CDK (CDF), and governance processes using scripting languages like Python, JavaScript, TypeScript, or similar.
- Collaborate with engineering teams to remediate vulnerabilities identified via scans, manual testing, or external assessments.
- Partner with product and engineering teams to improve the security posture of APIs, web apps, mobile apps, and infrastructure.
- Communicate risks clearly to technical and non-technical audiences and support compliance efforts with ISO 27001, SOC2, and PCI.
- Drive strategy and contribute to the roadmap for application security programs across multiple product lines.
- Mentor senior and junior engineers, conduct peer reviews, and champion a security-first mindset across teams.
- Lead complex, cross-functional security initiatives and represent Application Security in technical design decisions at the architecture level.
- Work closely with Product & Engineering leadership to prioritize security objectives in line with Cvent's product roadmap.
Here's What You Need:
- 8+ years of hands-on experience in application security or secure software development.
- Strong scripting/programming skills, with the ability to automate tasks and build internal tools using Python, JavaScript, Bash, or similar.
- Experience with CI/CD toolchains and integration of security tools in SDLC.
- Strong familiarity with cloud platforms (AWS preferred, GCP, or Azure) and principles of cloud-native security.
- Proficiency in security testing tools (e.g., Burp Suite, Checkmarx, Mend, Veracode, Fortify, ZAP).
- Strong grasp of OWASP Top 10, CWE, SANS Top 25, secure coding practices, and web application vulnerabilities.
- Demonstrated experience with increasing scope and leadership responsibilities in application security.
- Demonstrated ownership of security architecture, programs, or strategic initiatives across multiple teams.
- Proven track record of mentoring, leading by influence, and scaling security practices in product organizations.
- Deep experience in driving secure development transformations and partnering with engineering leadership.
Bonus If You Have:
- Experience securing AI/ML pipelines and understanding of adversarial ML or model privacy concerns.
- Exposure to DevSecOps, SBOMs, IaC security, or supply chain risk management.
- Security certifications such as AWS Certified Security - Specialty, AWS Certified Solutions Architect - Associate/Professional, CSSLP, OSWE, GWAPT, CISSP, or similar.
Physical Demands
We are not able to offer sponsorship for this position.