Application Security Engineer II

Overview: Cvent’s Information Security team seeks Application Security Engineer II to support delivery of secure cloud-based software platforms and applications. As an Application Security Engineer II, you will closely partner with Cvent product, engineering, and the application security team. You will be responsible for applying your cloud and web application security subject matter expertise to conduct product security reviews that consist of: Contribute to the AppSec Research and Engineering program by developing solutions to common security problems across Cvent products and automating operational activities. Support developing threat models to help identify risks in product design and implementation Participating in software design requirements and architectural reviews Handling reporting and driving timely resolution of security weaknesses or defects; and Engaging with internal stakeholders, security researchers, and customers to provide product security assurance. In This Role, You Will: To be a successful Application Security Engineer II, you will rely on your strong technical and interpersonal communication skills to identify and productively address cloud and web application security weaknesses that may put Cvent platforms and customer data at risk. You will be responsible for managing multiple, high-profile assignments, adapt quickly to shifting priorities and a cutting-edge technology landscape, and complete tasks on time in a fast-paced tech company. More specific responsibilities you will have include: Develop solutions for common security problems across Cvent products, contribute to AppSec Engineering projects. Develop threat models, conduct static/dynamic application security testing and internal penetration tests. Report and triage vulnerabilities found via various techniques, such as SAST, DAST, penetration testing, and reports from the field (such as from QA teams, customers, and/or the security research community). Track, support planning for, and ensure timeliness of remediation of open product weaknesses or vulnerabilities. Partner with product and engineering teams to ensure security is championed throughout their teams and reflected in software development practices. Engage with customers and relevant external parties to provide assurance in Cvent’s software security practices, product security posture and communicate security roadmap plans and status updates, as appropriate. Coordinate security penetration testing activities conducted by trusted security partners and/or customers, as applicable. Support technical audit activities to maintain compliance with Cvent’s internal security policies and security attestation standards and certifications, such as PCI, SOC 1 / SOC 2, CSA STAR, and ISO 27001. Here's What You Need: 3+ years of experience in application security and software development Scripting (python, ruby, groovy, etc.) experience to automate application security operational tasks and develop solutions for common security problems. Strong working knowledge of secure coding and manual reviews. Experience in threat modeling and application security architectures reviews is a plus. Strong experience in manual penetration testing of web applications; experience testing mobile and API (REST and SOAP) applications a plus. Experience in using security testing tools such as Checkmarks, Burpsuite, AppScan, and DataTheorem. Exceptional communication, teamwork, and influencing skills that foster a collaborative and continuous-improvement environment. Ability to effectively communicate technical issues to both technical and non-technical audiences. Ability to adapt to a hyper-growth pace and changing priorities. Ability to manage multiple, concurrent projects, activities, and tasks under tight time constraints. Self-motivation and the ability to work under minimal supervision. Bachelor’s degree in an Information Technology related field of study or equivalent experience; relevant, industry recognized security certifications such as CISSP, CEH, GWAPT are encouraged.
To be a successful Application Security Engineer II, you will rely on your strong technical and interpersonal communication skills to identify and productively address cloud and web application security weaknesses that may put Cvent platforms and customer data at risk. You will be responsible for managing multiple, high-profile assignments, adapt quickly to shifting priorities and a cutting-edge technology landscape, and complete tasks on time in a fast-paced tech company. More specific responsibilities you will have include: Develop solutions for common security problems across Cvent products, contribute to AppSec Engineering projects. Develop threat models, conduct static/dynamic application security testing and internal penetration tests. Report and triage vulnerabilities found via various techniques, such as SAST, DAST, penetration testing, and reports from the field (such as from QA teams, customers, and/or the security research community). Track, support planning for, and ensure timeliness of remediation of open product weaknesses or vulnerabilities. Partner with product and engineering teams to ensure security is championed throughout their teams and reflected in software development practices. Engage with customers and relevant external parties to provide assurance in Cvent’s software security practices, product security posture and communicate security roadmap plans and status updates, as appropriate. Coordinate security penetration testing activities conducted by trusted security partners and/or customers, as applicable. Support technical audit activities to maintain compliance with Cvent’s internal security policies and security attestation standards and certifications, such as PCI, SOC 1 / SOC 2, CSA STAR, and ISO 27001.
3+ years of experience in application security and software development Scripting (python, ruby, groovy, etc.) experience to automate application security operational tasks and develop solutions for common security problems. Strong working knowledge of secure coding and manual reviews. Experience in threat modeling and application security architectures reviews is a plus. Strong experience in manual penetration testing of web applications; experience testing mobile and API (REST and SOAP) applications a plus. Experience in using security testing tools such as Checkmarks, Burpsuite, AppScan, and DataTheorem. Exceptional communication, teamwork, and influencing skills that foster a collaborative and continuous-improvement environment. Ability to effectively communicate technical issues to both technical and non-technical audiences. Ability to adapt to a hyper-growth pace and changing priorities. Ability to manage multiple, concurrent projects, activities, and tasks under tight time constraints. Self-motivation and the ability to work under minimal supervision. Bachelor’s degree in an Information Technology related field of study or equivalent experience; relevant, industry recognized security certifications such as CISSP, CEH, GWAPT are encouraged.

---