Cvent’s Information Security team seeks a Senior Application Security Engineer to support delivery of secure cloud-based software platforms and applications. As Senior Application Security Engineer, you will closely partner with Cvent product and engineering teams and be responsible for applying your cloud and web application security subject matter expertise to conduct product security reviews that consist of:
- Leading threat modeling and secure architecture reviews;
- Conducting static and dynamic application security testing, including penetration testing using manual techniques and automated tools;
- Handling reporting and driving timely resolution of security gaps; and
- Engaging with clients and external parties to provide product security assurance.
To be a successful Senior Application Security Engineer, you will rely on your strong technical and interpersonal communication skills to identify and productively address cloud and web application security weaknesses that may put Cvent platforms and customer data at risk. You will be responsible for managing multiple high-profile projects, adapting quickly to shifting priorities and a cutting-edge technology landscape, and completing tasks on time in a fast-paced tech company. More specific responsibilities you will have include:
- Drive a secure SDLC program with the product and engineering teams, ensuring secure coding and threat modeling practices are adopted and taking place.
- Conduct threat modeling and static/dynamic application security testing with automated and manual testing techniques.
- Report and triage vulnerabilities found via various techniques, such as SAST, DAST, penetration testing, and reports from the field (such as from QA teams, customers, and/or the security research community).
- Track, support planning for, and ensure the timely remediation of open product weaknesses or vulnerabilities.
- Advise and partner with product and engineering teams to ensure security is championed throughout their teams and reflected in software development practices.
- Engage with customers and relevant external parties to provide assurance in Cvent’s software security practices and product security posture, and communicate security roadmap plans and status updates, as appropriate.
- Coordinate security penetration testing activities conducted by trusted security partners and/or customers, as applicable.
- Support technical audit activities to maintain compliance with Cvent’s internal security policies and security attestation standards and certifications, such as PCI, SOC 1 / SOC 2, CSA STAR, and ISO 27001.
- 5+ years of experience in application security, preferably with a coding/development background.
- Bachelor’s degree in an Information Technology-related field of study or equivalent experience; relevant, industry-recognized security certifications such as CISSP, CEH, GWAPT are encouraged.
- Strong working knowledge of secure coding and manual reviews.
- Experience in threat modeling and application security architecture reviews.
- Strong experience in manual penetration testing of web applications; experience testing mobile and API (REST and SOAP) applications a plus.
- Experience in using security testing tools such as Checkmarx, Burp Suite, AppScan, and Data Theorem.
- Exceptional communication, teamwork, and influencing skills that foster a collaborative and continuous-improvement environment.
- Ability to effectively communicate technical issues to both technical and non-technical audiences.
- Ability to adapt to a hyper-growth pace and changing priorities.
- Ability to manage multiple, concurrent projects, activities, and tasks under tight time constraints.
- Self-motivation and the ability to work under minimal supervision.