Senior Application Security Engineer

Overview

You are an experienced, hands-on Application Security Engineer who’s passionate about building secure products, automating security workflows, and influencing development teams to embed security into the product development lifecycle. Whether youre ready to take ownership or growing your deep technical skills as a Senior Engineer, youre ready to make a measurable impact. You are required to be in the office for 2 days/week.

You excel at the core of Application Security—from secure design reviews, threat modeling to vulnerability discovery via penetration tests and remediation—and bring an engineering mindset that enhances your impact. You’re also passionate about building internal tools, scripting automation, and scaling security practices across diverse tech stacks as part of Cvent’s Application Security Research & Engineering (ASRE) program

In This Role, You Will

• Integrate and scale security across the SDLC, embedding tools like SAST, DAST, and SCA within CI/CD pipelines.
• Perform threat modeling, secure code and design reviews, penetration testing and risk assessments for new and existing features—including cloud-native and AI/ML systems.
• Develop internal tools to automate security testing, support securing cloud-native applications using AWS CDK (CDF), and governance processes using scripting languages like Python, JavaScript, TypeScript, or similar.
• Collaborate with engineering teams to remediate vulnerabilities identified via scans, manual testing, or external assessments.
• Partner with product and engineering teams to improve the security posture of APIs, web apps, mobile apps, and infrastructure.
• Communicate risks clearly to technical and non-technical audiences and support compliance efforts with ISO 27001, SOC2, and PCI.
  
  

• You’ll build and automate security programs that scale across hundreds of apps and services.
• You’ll join the ASRE team to innovate at the forefront of Application Security.
• You’ll work with teams who take security seriously and give you the support to make meaningful change.
• You’ll grow in a role that offers both technical depth and leadership opportunities, depending on your experience and ambition.
  
  

• 6+ years of hands-on experience in application security or secure software development.
• Strong scripting/programming skills—able to automate tasks and build internal tools using Python, JavaScript, Bash, or similar.
• Experience with CI/CD toolchains and integration of security tools in SDLC.
• Strong familiarity with cloud platforms (AWS-preferred, GCP, or Azure) and principles of cloud-native security.
• Proficiency in security testing tools (e.g., BurpSuite, Checkmarx, Mend, Veracode, Fortify, ZAP, etc.).
• Strong grasp of OWASP Top 10, CWE, SANS Top 25, secure coding practices, and web application vulnerabilities.
  
  

• Experience securing AI/ML pipelines and understanding of adversarial ML or model privacy concerns.
• Exposure to DevSecOps, SBOMs, IaC security, or supply chain risk management
• Security certifications such as AWS Certified Security - Specialty, AWS Certified Solutions Architect - Associate/Professional, CSSLP, OSWE, GWAPT, CISSP, OSCP