Key skills
Application SecurityCI/CD IntegrationCloud Security (AWS/Azure/GCP)Threat ModelingSecurity Testing ToolsStatic/Dynamic Testing (SAST/DAST)Infrastructure as CodeProgramming/Scripting (Python/C#/Java)Analytical SkillsProblem-Solving SkillsCommunication SkillsPythonJavaC#CPowerShellAWSAzureGCPSource ControlSDLCCI/CDOWASPPenetration Testing
About this role
MeridianLink is committed to safeguarding internal systems and client data through its application security program. The Application Security Engineer will assess the security of applications, collaborate with development and engineering teams, and implement security solutions to strengthen the company's overall security posture.
Responsibilities:
- Support application security initiatives while collaborating with senior application security engineers and other security team members as needed
- Participate in application security reviews and threat modeling activities, including code review and static and dynamic testing
- Interpret business and technical requirements to support the design and development of secure applications and infrastructure
- Design and implement application security solutions that enforce consistent security controls across applications and products
- Conduct assessments of cloud, network, and data services supporting MeridianLink’s products
- Design, build, test, document, deploy, monitor, and support application security and security operations tooling
- Automate security testing and vulnerability management processes where appropriate
- Proactively identify opportunities to improve security architecture and recommend enhancements to address evolving threats
- Partner with developers to promote secure coding practices and integrate security controls into the SDLC
- Collaborate cross-functionally to implement and support automated static and dynamic testing within CI/CD pipelines
- Serve as the primary security point of contact for development and engineering teams, supporting the remediation of identified risks and vulnerabilities
- Perform automated and manual vulnerability assessments on a recurring basis using industry-standard tools to validate findings across applications, cloud infrastructure, and endpoints
- Review new or proposed applications and provide guidance on secure architecture and design considerations
- Support regulatory and compliance-related initiatives as required
- Act as a subject matter expert in application security, secure coding practices, and penetration testing
- Participate in the internal CSIRT on-call rotation and support incident response activities as needed
Requirements:
- Bachelor's degree and 2–4 years of related experience, or equivalent practical experience
- 1+ years of hands-on experience implementing or maintaining CI/CD, security, and data pipelines
- Hands-on experience designing, securing, and delivering cloud-based applications and services in AWS, Azure, or GCP environments
- Strong understanding of application security practices and CI/CD integration, with experience securing cloud infrastructure
- Experience conducting threat modeling and a solid understanding of common application security vulnerabilities (OWASP Top 10, SANS)
- Experience performing security design and architecture reviews for new technologies and applications
- Familiarity with SDLC methodologies and experience securing APIs and web services
- Experience using industry-standard application and security testing tools, including Burp Suite, Kali Linux, Metasploit, and WebInspect
- Understanding of infrastructure as code, automation, container security, and orchestration technologies
- Experience with programming or scripting languages such as Python, C#, Java, or PowerShell, and familiarity with modern web technologies
- Experience performing static and dynamic application security testing (SAST/DAST)
- Strong knowledge of CI/CD pipelines, including source control, build, and deployment processes
- Experience securing cloud deployments and containerized environments
- Strong analytical and problem-solving skills, with the ability to work across development and security disciplines
- Ability to clearly communicate security concepts to both technical and non-technical stakeholders