Principal Engineer, Application Security @ Cvent

Design and own secure application architectures across Cvent s product landscape, including SaaS platforms, mobile apps, APIs, and cloud-native services.
Define and evolve application security strategy, driving initiatives that align with Cvent s product roadmap and risk posture.
Lead architecture reviews, threat modeling sessions, and risk assessments for high-impact products and features, including those involving AI/ML pipelines.
Engineer and advocate scalable security solutions, from reusable libraries and security design patterns to tooling integrations within the SDLC.
Build and maintain relationships with engineering leaders, product managers, and infrastructure teams to champion security-by-design principles.
Partner with ASRE to define and drive automation projects, internal tool development, and scalable controls for vulnerability discovery and remediation.
Serve as the security technical authority during escalations, post-incident reviews, customer audits, and design sprints.
Provide technical leadership to the broader AppSec team, mentoring Senior and Lead engineers and participating in hiring and capability building.
Evaluate and introduce new technologies, standards, or frameworks to improve application security and developer experience.
Overview: You are a highly experienced and visionary security professional with deep expertise in application security, architecture, and secure software development.
You re not only a strategist and a technical authority, but also someone who remains hands-on when it matters.
You thrive on solving large-scale security problems, designing resilient security architectures, and enabling engineering teams to ship secure products without friction.
You lead with influence, partner with engineering and product leaders, and drive scalable security solutions across an enterprise.
You also play a pivotal role in Cvent s Application Security Research Engineering (ASRE) program guiding the development of internal tooling, automation, and innovative approaches to secure software at scale.
In This Role, You Will: Design and own secure application architectures across Cvent s product landscape, including SaaS platforms, mobile apps, APIs, and cloud-native services.
Define and evolve application security strategy, driving initiatives that align with Cvent s product roadmap and risk posture.
Lead architecture reviews, threat modeling sessions, and risk assessments for high-impact products and features, including those involving AI/ML pipelines.
Engineer and advocate scalable security solutions, from reusable libraries and security design patterns to tooling integrations within the SDLC.
Build and maintain relationships with engineering leaders, product managers, and infrastructure teams to champion security-by-design principles.
Partner with ASRE to define and drive automation projects, internal tool development, and scalable controls for vulnerability discovery and remediation.
Serve as the security technical authority during escalations, post-incident reviews, customer audits, and design sprints.
Provide technical leadership to the broader AppSec team, mentoring Senior and Lead engineers and participating in hiring and capability building.
Evaluate and introduce new technologies, standards, or frameworks to improve application security and developer experience.
Heres What You Need: 12+ years of experience in information security, with a strong focus on application security, architecture design, and secure development practices.
Deep understanding of secure software development lifecycles (SDLC), secure design principles, and modern threat landscapes (including AI/ML risks, supply chain, cloud-native, and microservices).
Proven ability to architect secure solutions across multi-tenant SaaS platforms, microservices, and API-driven ecosystems.
Expertise in performing and leading threat modeling, code reviews, and architecture risk assessments.
Strong coding and scripting skills (e.g., Python, Java, JavaScript, TypeScript, etc.); ability to prototype tools or support ASRE initiatives directly.
Hands-on experience with security tools and platforms (e.g., SAST, DAST, IAST, SCA, container scanning, IaC analysis).
Familiarity with cloud security and native controls (AWS/GCP/Azure), DevSecOps pipelines, and IaC tools like Terraform.
Excellent communication skills with a proven ability to influence both technical and executive stakeholders.
Strong grasp of regulatory frameworks and standards such as ISO 27001, SOC 2, PCI, OWASP, NIST 800-53/218, and AI RMF.
Bonus If You Have: Experience building security frameworks or reference architectures adopted across multiple product teams.
Research contributions to ASRE-style initiatives, open-source tooling, or internal platform development.
Knowledge of emerging AI security threats (adversarial ML, model poisoning, privacy leakage, etc.).
Certifications such as AWS Certified Solutions Architect Associate/Professional, CSSLP, OSWE, GCPN, CISSP, SABSA, or SANS/GIAC Architect-level certification.
Why You ll Love This Role: You ll define and influence the security architecture of platforms used by thousands of customers worldwide.
You ll work on high-impact initiatives with the authority to shape how security is done not just today, but for the long term.
You ll help grow and mentor a world-class AppSec team while staying close to the technology you love.
You ll drive an engineering-led security culture alongside leadership that supports security investment, research, and innovation.