Application Security Engineer

MeridianLink is focused on safeguarding software and client data through its application security program. The Application Security Engineer will assess application security, collaborate with development teams, and drive improvements to enhance the company's overall security posture.

Responsibilities:

• Support application security initiatives while collaborating with senior application security engineers and other security team members as needed
• Coordinate third-party security assessments of application, network, and data services supporting MeridianLink’s products
• Translate security testing results into clear, business-impact risk assessments, providing developers and product owners with actionable guidance on real-world exposure and remediation priorities
• Participate in application security reviews and threat modeling activities, including static and dynamic testing
• Interpret business and technical requirements to support the design and development of secure applications and infrastructure
• Perform automated and manual vulnerability assessments on a recurring basis using industry-standard tools to validate findings across applications, cloud infrastructure, and endpoints
• Provide input into the design and implementation of application security solutions that enforce consistent security controls across applications and products
• Conduct remediation validation of identified security findings, verifying fixes are effective and confirming additional instances have been identified and resolved
• Design, build, test, document, deploy, monitor, and support application security and security operations tooling
• Automate security testing and vulnerability management processes where appropriate
• Proactively identify opportunities to improve security architecture and recommend enhancements to address evolving threats
• Partner with developers to promote secure coding practices and integrate security controls into the SDLC
• Collaborate cross-functionally to implement and support automated static and dynamic testing within CI/CD pipelines
• Serve as a security point of contact for development and engineering teams, supporting the remediation of identified risks and vulnerabilities
• Review new or proposed applications and provide guidance on secure architecture and design considerations
• Support regulatory and compliance-related initiatives as required
• Act as a subject matter expert in application security, secure coding practices, and penetration testing
• Participate in the internal CSIRT on-call rotation and support incident response activities as needed

Requirements:

• Bachelor's degree and 2–4 years of related experience, or equivalent practical experience
• Experience using industry-standard application and security testing tools, including Burp Suite, Kali Linux, Metasploit, and WebInspect
• Experience performing static and dynamic application security testing (SAST/DAST)
• Experience conducting threat modeling and a solid understanding of common application security vulnerabilities (OWASP Top 10, SANS)
• Experience with programming or scripting languages such as Python, C#, Java, or PowerShell, and familiarity with modern web technologies
• Hands-on experience securing cloud-based applications and services in AWS, Azure, or GCP environments
• Strong understanding of application security practices and CI/CD integration, with experience securing APIs and web applications
• Experience performing security design and architecture reviews for new technologies and applications
• Understanding of infrastructure as code, automation, container security, and orchestration technologies
• Strong analytical and problem-solving skills, with the ability to work across development and security disciplines
• Ability to clearly communicate security concepts to both technical and non-technical stakeholders