Salary: ₹14 - ₹24 Lakhs/Annum Expected
Description:
Cvent is hiring an Application Security Engineer II to join its ASRE team in Gurugram. This hands-on engineering position is focused on the intersection of core application security and AI-driven DevSecOps automation. Rather than performing passive manual compliance reviews, you will act as a builder who designs AI-powered security pipelines, automates threat modeling workflows, and engineers self-serve tooling for developers. The role blends classic security triage (SAST, DAST, penetration testing) with pioneering implementations of Agentic AI, utilizing LLM APIs and Model Context Protocol (MCP) connectors to defend cloud-native web architectures and AI/ML features.
Key Technologies:
Python, JavaScript, TypeScript, Bash, AWS, Model Context Protocol (MCP), Jira, Confluence, Burp Suite, Checkmarx, Mend, Veracode, OWASP ZAP, Wiz, SAST, DAST, SCA, CI/CD pipelines
Requirements:
- 3–5 years of hands-on experience in application security engineering or secure software development.
- Solid scripting skills to build internal tools and write automated security scripts using Python, JavaScript/TypeScript, or Bash.
- Working experience embedding, configuring, and running security tooling (SAST, DAST, SCA) inside automated CI/CD deployment pipelines.
- Deep technical grasp of secure coding practices, CWE mapping, common web/API vulnerabilities, and the standard OWASP Top 10 framework.
- Familiarity with cloud-native security principles on at least one major provider (AWS preferred; GCP or Azure acceptable).
- Proficiency in operating infrastructure scanning and web penetration testing systems (e.g., Burp Suite, Checkmarx, Mend, Veracode, ZAP, Wiz).
- Practical exposure to or hands-on experience building with LLM APIs, AI agents, automation frameworks (e.g., Claude, tool/function calling), or Model Context Protocol (MCP) systems.
- Conceptual familiarity with applying specialized frameworks like the OWASP LLM Top 10, OWASP AI Testing Guide, and MITRE ATLAS to remediate prompt injection, model abuse, and data exposure vulnerabilities.
- DevSecOps, Infrastructure as Code (IaC) security, supply-chain protection experience, or industry certifications (e.g., AWS Certified Security – Specialty, OSCP, GWAPT).
Important Notice:
This job description and related content are owned by Cvent. We are only sharing this information to help job seekers find opportunities. For application procedures, status, or any related concerns, please contact Cvent directly. We do not process applications or respond to candidate queries.