Senior Application Security Engineer
Current- Conducts end-to-end security reviews on new applications and features, from Threat Modeling to SCA to SAST to DAST to internal penetration tests.- Manages Vulnerability Disclosure and Bug Bounty Programs, implementing the internal review and payment process workflow. Leads the team in triaging and reviewing reported findings via the Bugcrowd platform and coordinates with security researchers and product teams to get remediation and close security gaps.- Collaborates with product teams on the discovery and remediation of application vulnerabilities, ensuring timely remediation.- Conducts software composition analysis, and static and dynamic application security testing for both web and mobile applications, running scans via tools like Mend, Checkmarx, Data Theorem, Burp Suit and Whitehat Vulnerability Scanner, and triage of findings.- Runs full penetration tests on Cvent applications, both web and mobile.- Effectively communicates with clients about vulnerability status and the mitigating controls in place, leading to stronger confidence in the Cvent brand and reputation related to security.- Develops and improves the Cvent internal security tool for generating remediation plans to accompany third party penetration test reports for clients. Worked on development for other security tools with the team.- Collaborated with internal teams and third-party penetration test vendors to conduct penetration tests on Cvent applications.