Technical Manager, Application Security

US-VA-Tysons Corner

Cvent’s Information Security team is rapidly growing and seeks a Technical Manager, Application Security to provide technical security expertise and knowledge in managing our products and programs. This includes ensuring vulnerabilities are thoroughly discovered, validated, triaged, and tracked appropriately; overseeing our developer security training and SAST programs; and providing a strong focus on client, vendor, product, and development security resolution and coordination. This position requires both excellent oral/written communication skills and technical security skills (e.g. validating vulnerability exploits), with the ability to coherently relay security information to both business clients and technical audiences. This person must be able to handle multiple deadlines and high-priority issues at the same time, adapt quickly to shifting priorities, and drive application security in a fast-paced and high-profile technology landscape.


Position Duties:

  • Manage our product security program overseeing activities such as vulnerability management, developer security training, and SAST
  • Coordinate and negotiate security pen testing activity with clients and 3rd party vendors
  • Perform technical validation, testing, triaging, and risk analysis of product vulnerabilities
  • Provide metrics on, track, plan, and ensure timely remediation of open issues
  • Conduct regular status meetings and follow up with product and development teams to ensure timely resolution of issues
  • Provide remediation plans and status updates on vulnerability closure to clients on a regular basis
  • Perform application architecture security reviews, threat modeling, and security assessments when needed
  • Conduct technical audit activity to ensure compliance with security policies and other industry standards (e.g. PCI, ISO27001, SOC1/SOC2)
  • Collaborate and communicate effectively with other departments in the company to ensure that security is championed throughout their process

Skills & Requirements:

  • 5+ years of experience in application security and client and vendor interactions
  • Bachelor’s degree in an Information Technology-related field of study, industry-recognized security certification such as CISSP or CISA. PMP a plus.
  • Experience in application development with languages and platforms such as Java, ASP.NET, iOS, Android, Ruby or Python
  • Experience with OWASP Top 10, SANS Top 25, and secure coding techniques
  • Experience conducting application security vulnerability assessments and attacks including creation of proof-of-concept exploits
  • Experience performing application architecture threat modeling and risk assessments
  • Proven ability and experience communicating security issues to both technical and non-technical audiences, particularly in customer-facing scenarios
  • Ability to manage multiple concurrent projects, activities, and tasks under tight time constraints
  • Exceptional communication, teamwork, and influencing skills that foster a collaborative and continuous-improvement environment
  • Experience with development and preparation of management status and key metrics reports
  • Experience with tools such as Checkmarx, AppScan, BurpSuite, ZAP, and Veracode
  • Experience with Atlassian DevOps workflow tools, such as Confluence and Jira
  • Ability to adapt to a hyper-growth pace and changing priorities
  • Self-motivation and the ability to work under minimal supervision