Application Security Engineer

Job Description

The Application Security Engineer plays a key role in MeridianLink’s application security program, helping safeguard internal systems and client data. This role is responsible for assessing the security of applications and supporting infrastructure to strengthen MeridianLink’s overall security posture.

The Application Security Engineer works closely with development, engineering, and product teams to identify and address security risks throughout the software development lifecycle. This is a highly technical, hands-on position focused on evaluating and securing applications across multiple layers of the technology stack. The individual in this role applies an adversarial mindset to identify vulnerabilities, assess emerging threats, and drive improvements as the threat landscape evolves.

Security and trust are foundational to MeridianLink’s commitment to its customers. This role supports and advances a security-by-design approach across applications and services.

Expected Duties

• Support application security initiatives while collaborating with senior application security engineers and other security team members as needed.
• Participate in application security reviews and threat modeling activities, including code review and static and dynamic testing.
• Interpret business and technical requirements to support the design and development of secure applications and and infrastructure.
• Design and implement application security solutions that enforce consistent security controls across applications and products.
• Conduct assessments of cloud, network, and data services supporting MeridianLink’s products.
• Design, build, test, document, deploy, monitor, and support application security and security operations tooling.
• Automate security testing and vulnerability management processes where appropriate.
• Proactively identify opportunities to improve security architecture and recommend enhancements to address evolving threats.
• Partner with developers to promote secure coding practices and integrate security controls into the SDLC.
• Collaborate cross-functionally to implement and support automated static and dynamic testing within CI/CD pipelines.
• Serve as the primary security point of contact for development and engineering teams, supporting the remediation of identified risks and vulnerabilities.
• Perform automated and manual vulnerability assessments on a recurring basis using industry-standard tools to validate findings across applications, cloud infrastructure, and endpoints.
• Review new or proposed applications and provide guidance on secure architecture and design considerations.
• Support regulatory and compliance-related initiatives as required.
• Act as a subject matter expert in application security, secure coding practices, and penetration testing.
• Participate in the internal CSIRT on-call rotation and support incident response activities as needed.

Qualifications: Knowledge, Skills, and Abilities

The Application Security Engineer performs moderately complex responsibilities independently while supporting peers and leadership on more advanced initiatives. This role requires the ability to apply established policies and procedures to resolve a wide range of security-related issues while continuing to develop technical expertise.

• Bachelor’s degree and 2–4 years of related experience, or equivalent practical experience.
• 1+ years of hands-on experience implementing or maintaining CI/CD, security, and data pipelines.
• Hands-on experience designing, securing, and delivering cloud-based applications and services in AWS, Azure, or GCP environments.
• Strong understanding of application security practices and CI/CD integration, with experience securing cloud infrastructure.
• Experience conducting threat modeling and a solid understanding of common application security vulnerabilities (OWASP Top 10, SANS).
• Experience performing security design and architecture reviews for new technologies and applications.
• Familiarity with SDLC methodologies and experience securing APIs and web services.
• Experience using industry-standard application and security testing tools, including Burp Suite, Kali Linux, Metasploit, and WebInspect.
• Understanding of infrastructure as code, automation, container security, and orchestration technologies.
• Experience with programming or scripting languages such as Python, C#, Java, or PowerShell, and familiarity with modern web technologies.
• Experience performing static and dynamic application security testing (SAST/DAST).
• Strong knowledge of CI/CD pipelines, including source control, build, and deployment processes.
• Experience securing cloud deployments and containerized environments.
• Strong analytical and problem-solving skills, with the ability to work across development and security disciplines.
• Ability to clearly communicate security concepts to both technical and non-technical stakeholders.

Key skills/competency

• Application Security
• Threat Modeling
• Vulnerability Management
• Cloud Security
• CI/CD Security
• SAST & DAST
• Secure SDLC
• Incident Response
• API Security
• Penetration Testing