Experience Inc. Jobs

Job Information

Cvent Principal Application Security Engineer / Hands-On Technical Manager in United States

Job Description:

Cvent’s Information Security team is rapidly growing and seeks a Principal Application (Product) Security Engineer focused on driving and owning our application security programs within the Cvent product and development teams, as well as providing our customers with product security assurance. This person will be conducting regular security reviews (e.g. threat modeling, SAST, DAST), working closely with our internal product and development teams to ensure timely resolution of found security gaps, and working with our external clients on application security updates. This position requires both strong technical and communication skills, with experience in finding and advising on fixes for application security vulnerabilities, and excellent oral and written communication skills to coherently relay security information to both business clients and technical audiences. This person must be able to handle multiple deadlines and high-priority issues at the same time, adapt quickly to shifting priorities, and drive security resolution in a fast-paced and high-profile technology landscape.

What You Will Be Doing:

  • Be the main point of contact for driving and leading our application security programs in one or more of our product applications

  • Drive our secure SDLC program with product development teams, ensuring secure coding practices, SAST, DAST, and pentesting activity occur on a regular basis

  • Define, maintain and enforce application security best practices. Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation

  • Lead architecture and design reviews with senior product and development/DevOps staff; define and design security code analysis tools and frameworks

  • Conduct threat modeling and static/dynamic application security testing with automated and manual testing techniques

  • Report and triage vulnerabilities; provide metrics, track, plan, and ensure timely remediation of open issues

  • Collaborate and communicate effectively with product and development teams to ensure security is championed throughout their processes

  • Provide remediation plans and status updates on vulnerability closure to external clients on a regular basis

  • Coordinate and negotiate security pentesting activity with external clients and 3rd party vendors

  • Perform and/or facilitate secure code development training for developers and relevant staff, as needed

  • Act as project manager for strategic and tactical projects, self-direct, and provide direction and guidance to individuals or small teams / mentor junior level team members

  • Assist in technical audit activity to ensure compliance with security policies and other industry standards (e.g. PCI, ISO27001, SOC1/SOC2)

What You Need for this Position:

  • 8+ years of experience in application security, preferably with a coding/development background

  • Bachelor’s degree in an Information Technology related field of study or equivalent experience; relevant, industry recognized security certification such as CISSP, CEH, GWAPT

  • Expert knowledge of information security principles, application security and secure coding, and a level of familiarity with malicious code and common techniques used by attackers

  • Extensive experience testing web applications with common application security testing tools such as Checkmarx and Burp Suite; experience testing mobile/API applications a plus

  • Experience implementing Secure SDLC, BSIMM, OWASP Top 10, and/or similar security and industry standard frameworks

  • Experience working with clients and 3rd parties negotiating and ensuring proper business outcomes with security findings and testing activity

  • Exceptional communication, teamwork, and influencing skills that foster a collaborative and continuous-improvement environment

  • Ability to communicate technical issues to both technical and non-technical audiences

  • Ability to adapt to a hyper-growth pace and changing priorities

  • Ability to manage multiple, concurrent projects, activities, and tasks under tight time constraints

  • Self-motivation and the ability to work under minimal supervision

DirectEmployers