Principal Application Security Engineer

Job Description

Principal Application Security Engineer / Architect

Location: Gurgaon, India (Hybrid 2 days/week in office)

Department: Information Security / Application Security

Reports To: Manager, Application Security

Experience: 12+ years in cybersecurity, with a significant focus on application security and security architecture

Employment Type: Full-time | Hybrid- 2 days/week

Who You Are:

You are a highly experienced and visionary security professional with deep expertise in application security, architecture, and secure software development. Youre not only a strategist and a technical authority, but also someone who remains hands-on when it matters. You thrive on solving large-scale security problems, designing resilient security architectures, and enabling engineering teams to ship secure products without friction.

You lead with influence, partner with engineering and product leaders, and drive scalable security solutions across an enterprise. You also play a pivotal role in Cvents Application Security Research & Engineering (ASRE) programguiding the development of internal tooling, automation, and innovative approaches to secure software at scale.

What You'll Do:

- Design and own secure application architectures across Cvents product landscape, including SaaS platforms, mobile apps, APIs, and cloud-native services.
- Define and evolve application security strategy, driving initiatives that align with Cvents product roadmap and risk posture.
- Lead architecture reviews, threat modeling sessions, and risk assessments for high-impact products and features, including those involving AI/ML pipelines.
- Engineer and advocate scalable security solutions, from reusable libraries and security design patterns to tooling integrations within the SDLC.
- Build and maintain relationships with engineering leaders, product managers, and infrastructure teams to champion security-by-design principles.
- Partner with ASRE to define and drive automation projects, internal tool development, and scalable controls for vulnerability discovery and remediation.
- Serve as the security technical authority during escalations, post-incident reviews, customer audits, and design sprints.
- Provide technical leadership to the broader AppSec team, mentoring Senior and Lead engineers and participating in hiring and capability building.
- Evaluate and introduce new technologies, standards, or frameworks to improve application security and developer experience.

What You Bring:

- 12+ years of experience in information security, with a strong focus on application security, architecture design, and secure development practices.
- Deep understanding of secure software development lifecycles (SDLC), secure design principles, and modern threat landscapes (including AI/ML risks, supply chain, cloud-native, and microservices).
- Proven ability to architect secure solutions across multi-tenant SaaS platforms, microservices, and API-driven ecosystems.
- Expertise in performing and leading threat modeling, code reviews, and architecture risk assessments.
- Strong coding and scripting skills (e.g., Python, Java, JavaScript, TypeScript, etc.); ability to prototype tools or support ASRE initiatives directly.
- Hands-on experience with security tools and platforms (e.g., SAST, DAST, IAST, SCA, container scanning, IaC analysis).
- Familiarity with cloud security and native controls (AWS/GCP/Azure), DevSecOps pipelines, and IaC tools like Terraform.
- Excellent communication skills with a proven ability to influence both technical and executive stakeholders.
- Strong grasp of regulatory frameworks and standards such as ISO 27001, SOC 2, PCI, OWASP, NIST 800-53/218, and AI RMF.

Bonus If You Have:

- Experience building security frameworks or reference architectures adopted across multiple product teams.
- Research contributions to ASRE-style initiatives, open-source tooling, or internal platform development.
- Knowledge of emerging AI security threats (adversarial ML, model poisoning, privacy leakage, etc.).
- Certifications such as AWS Certified Solutions ArchitectAssociate/Professional, CSSLP, OSWE, GCPN, CISSP, SABSA, or SANS/GIAC Architect-level certification.

Why You'll Love This Role:

- You'll define and influence the security architecture of platforms used by thousands of customers worldwide.
- You'll work on high-impact initiatives with the authority to shape how security is donenot just today, but for the long term.
- You'll help grow and mentor a world-class AppSec team while staying close to the technology you love.
- You'll drive an engineering-led security culture alongside leadership that supports security investment, research, and innovation.

---