Principal Engineer, Application Security

Cvent
Gurgaon
12-15 LPA
Posted 23 May 2025
FULL TIME
threat modeling
Application Security
AWS
Python
DevSecOps

Job Description

You are a highly experienced and visionary security professional with deep expertise in application security, architecture, and secure software development

  • You're not only a strategist and a technical authority, but also someone who remains hands-on when it matters
  • You thrive on solving large-scale security problems, designing resilient security architectures, and enabling engineering teams to ship secure products without friction
  • You lead with influence, partner with engineering and product leaders, and drive scalable security solutions across an enterprise
  • You also play a pivotal role in Cvent's Application Security Research & Engineering (ASRE) program, guiding the development of internal tooling, automation, and innovative approaches to secure software at scale

In This Role, You Will:

  • Design and own secure application architectures across Cvent's product landscape, including SaaS platforms, mobile apps, APIs, and cloud-native services
  • Define and evolve application security strategy, driving initiatives that align with Cvent's product roadmap and risk posture
  • Lead architecture reviews, threat modeling sessions, and risk assessments for high-impact products and features, including those involving AI/ML pipelines
  • Engineer and advocate scalable security solutions, from reusable libraries and security design patterns to tooling integrations within the SDLC
  • Build and maintain relationships with engineering leaders, product managers, and infrastructure teams to champion security-by-design principles
  • Partner with ASRE to define and drive automation projects, internal tool development, and scalable controls for vulnerability discovery and remediation
  • Serve as the security technical authority during escalations, post-incident reviews, customer audits, and design sprints
  • Provide technical leadership to the broader AppSec team, mentoring Senior and Lead engineers and participating in hiring and capability building
  • Evaluate and introduce new technologies, standards, or frameworks to improve application security and developer experience

Here's What You Need:

  • 12+ years of experience in information security, with a strong focus on application security, architecture design, and secure development practices
  • Deep understanding of secure software development lifecycles (SDLC), secure design principles, and modern threat landscapes (including AI/ML risks, supply chain, cloud-native, and microservices)
  • Proven ability to architect secure solutions across multi-tenant SaaS platforms, microservices, and API-driven ecosystems
  • Expertise in performing and leading threat modeling, code reviews, and architecture risk assessments
  • Strong coding and scripting skills (e.g., Python, Java, JavaScript, TypeScript, etc.); ability to prototype tools or support ASRE initiatives directly
  • Hands-on experience with security tools and platforms (e.g., SAST, DAST, IAST, SCA, container scanning, IaC analysis)
  • Familiarity with cloud security and native controls (AWS/GCP/Azure), DevSecOps pipelines, and IaC tools like Terraform
  • Excellent communication skills with a proven ability to influence both technical and executive stakeholders
  • Strong grasp of regulatory frameworks and standards such as ISO 27001, SOC 2, PCI, OWASP, NIST 800-53/218, and AI RMF

Bonus If You Have:

  • Experience building security frameworks or reference architectures adopted across multiple product teams
  • Research contributions to ASRE-style initiatives, open-source tooling, or internal platform development
  • Knowledge of emerging AI security threats (adversarial ML, model poisoning, privacy leakage, etc.)
  • Certifications such as AWS Certified Solutions Architect Associate/Professional, CSSLP, OSWE, GCPN, CISSP, SABSA, or SANS/GIAC Architect-level certification

Why You'll Love This Role:

  • You'll define and influence the security architecture of platforms used by thousands of customers worldwide
  • You'll work on high-impact initiatives with the authority to shape how security is done not just today, but for the long term
  • You'll help grow and mentor a world-class AppSec team while staying close to the technology you love
  • You'll drive an engineering-led security culture alongside leadership that supports security investment, research, and innovation
