Application Security Engineer

Job Description

The Application Security Engineer plays a key role in MeridianLink’s application security program, helping safeguard internally developed software and client data. This role is responsible for assessing the security of applications and supporting infrastructure to strengthen MeridianLink’s overall security posture.

The Application Security Engineer works closely with development, engineering, and product teams to identify and address security risks throughout the software development lifecycle. This is a highly technical, hands-on position focused on evaluating and securing applications across multiple layers of the technology stack. The individual in this role applies an adversarial mindset to identify vulnerabilities, assess emerging threats, and drive improvements as the threat landscape evolves.

Security and trust are foundational to MeridianLink’s commitment to its customers. This role supports and advances a security-by-design approach across applications and services.

Expected Duties

• Support application security initiatives while collaborating with senior application security engineers and other security team members as needed.

• Coordinate third-party security assessments of application, network, and data services supporting MeridianLink’s products.

• Translate security testing results into clear, business-impact risk assessments, providing developers and product owners with actionable guidance on real-world exposure and remediation priorities.

• Participate in application security reviews and threat modeling activities, including static and dynamic testing.

• Interpret business and technical requirements to support the design and development of secure applications and infrastructure.

• Perform automated and manual vulnerability assessments on a recurring basis using industry-standard tools to validate findings across applications, cloud infrastructure, and endpoints.

• Provide input into the design and implementation of application security solutions that enforce consistent security controls across applications and products.

• Conduct remediation validation of identified security findings, verifying fixes are effective and confirming additional instances have been identified and resolved

• Design, build, test, document, deploy, monitor, and support application security and security operations tooling.

• Automate security testing and vulnerability management processes where appropriate.

• Proactively identify opportunities to improve security architecture and recommend enhancements to address evolving threats.

• Partner with developers to promote secure coding practices and integrate security controls into the SDLC.

• Collaborate cross-functionally to implement and support automated static and dynamic testing within CI/CD pipelines.

• Serve as a security point of contact for development and engineering teams, supporting the remediation of identified risks and vulnerabilities.

• Review new or proposed applications and provide guidance on secure architecture and design considerations.

• Support regulatory and compliance-related initiatives as required.

• Act as a subject matter expert in application security, secure coding practices, and penetration testing.

• Participate in the internal CSIRT on-call rotation and support incident response activities as needed.

Qualifications: Knowledge, Skills, and Abilities

The Application Security Engineer performs moderately complex responsibilities independently while supporting peers and leadership on more advanced initiatives. This role requires the ability to apply established policies and procedures to resolve a wide range of security-related issues while continuing to develop technical expertise.

• Bachelor’s degree and 2–4 years of related experience, or equivalent practical experience.

• Experience using industry-standard application and security testing tools, including Burp Suite, Kali Linux, Metasploit, and WebInspect.

• Experience performing static and dynamic application security testing (SAST/DAST).

• Experience conducting threat modeling and a solid understanding of common application security vulnerabilities (OWASP Top 10, SANS).

• Experience with programming or scripting languages such as Python, C#, Java, or PowerShell, and familiarity with modern web technologies.

• Hands-on experience securing cloud-based applications and services in AWS, Azure, or GCP environments.

• Strong understanding of application security practices and CI/CD integration, with experience securing APIs and web applications.

• Experience performing security design and architecture reviews for new technologies and applications.

• Understanding of infrastructure as code, automation, container security, and orchestration technologies.

• Strong analytical and problem-solving skills, with the ability to work across development and security disciplines.

• Ability to clearly communicate security concepts to both technical and non-technical stakeholders.