Principal Engineer, Application Security

Job Description

You are a highly experienced and visionary security professional with deep expertise in application security, architecture, and secure software development

- You're not only a strategist and a technical authority, but also someone who remains hands-on when it matters
- You thrive on solving large-scale security problems, designing resilient security architectures, and enabling engineering teams to ship secure products without friction
- You lead with influence, partner with engineering and product leaders, and drive scalable security solutions across an enterprise
- You also play a pivotal role in Cvent's Application Security Research & Engineering (ASRE) program guiding the development of internal tooling, automation, and innovative approaches to secure software at scale

In This Role, You Will:

- Design and own secure application architectures across Cvent's product landscape, including SaaS platforms, mobile apps, APIs, and cloud-native services
- Define and evolve application security strategy, driving initiatives that align with Cvent's product roadmap and risk posture
- Lead architecture reviews, threat modeling sessions, and risk assessments for high-impact products and features, including those involving AI/ML pipelines
- Engineer and advocate scalable security solutions, from reusable libraries and security design patterns to tooling integrations within the SDLC
- Build and maintain relationships with engineering leaders, product managers, and infrastructure teams to champion security-by-design principles
- Partner with ASRE to define and drive automation projects, internal tool development, and scalable controls for vulnerability discovery and remediation
- Serve as the security technical authority during escalations, post-incident reviews, customer audits, and design sprints
- Provide technical leadership to the broader AppSec team, mentoring Senior and Lead engineers and participating in hiring and capability building
- Evaluate and introduce new technologies, standards, or frameworks to improve application security and developer experience

Heres What You Need:

- 12+ years of experience in information security, with a strong focus on application security, architecture design, and secure development practices
- Deep understanding of secure software development lifecycles (SDLC), secure design principles, and modern threat landscapes (including AI/ML risks, supply chain, cloud-native, and microservices)
- Proven ability to architect secure solutions across multi-tenant SaaS platforms, microservices, and API-driven ecosystems
- Expertise in performing and leading threat modeling, code reviews, and architecture risk assessments
- Strong coding and scripting skills (e.g., Python, Java, JavaScript, TypeScript, etc); ability to prototype tools or support ASRE initiatives directly
- Hands-on experience with security tools and platforms (e.g., SAST, DAST, IAST, SCA, container scanning, IaC analysis)
- Familiarity with cloud security and native controls (AWS/GCP/Azure), DevSecOps pipelines, and IaC tools like Terraform
- Excellent communication skills with a proven ability to influence both technical and executive stakeholders
- Strong grasp of regulatory frameworks and standards such as ISO 27001, SOC 2, PCI, OWASP, NIST 800-53/218, and AI RMF

Bonus If You Have:

- Experience building security frameworks or reference architectures adopted across multiple product teams
- Research contributions to ASRE-style initiatives, open-source tooling, or internal platform development
- Knowledge of emerging AI security threats (adversarial ML, model poisoning, privacy leakage, etc)
- Certifications such as AWS Certified Solutions Architect Associate/Professional, CSSLP, OSWE, GCPN, CISSP, SABSA, or SANS/GIAC Architect-level certification

Why you'll Love This Role:

- You'll define and influence the security architecture of platforms used by thousands of customers worldwide
- You'll work on high-impact initiatives with the authority to shape how security is done not just today, but for the long term
- You'll help grow and mentor a world-class AppSec team while staying close to the technology you love
- You'll drive an engineering-led security culture alongside leadership that supports security investment, research, and innovation

---