Application Security Engineer - Innovate & Secure at MeridianLink
Are you an Application Security professional with a keen 'adversarial mindset' and a passion for building secure-by-design software? MeridianLink is seeking a talented and driven Application Security Engineer to join our dynamic team and play a pivotal role in safeguarding our internal systems and critical client data.
This isn't just a job; it's an opportunity to embed security deep into the fabric of our products, working hand-in-hand with development, engineering, and product teams across the entire Software Development Lifecycle (SDLC). At MeridianLink, security and trust are foundational to our commitment to customers. We champion a 'security-by-design' approach, empowering our engineers to interpret business and technical requirements, design robust solutions, and proactively identify and mitigate risks as the threat landscape evolves.
What You'll Do: Secure Software Development Lifecycle (SSDLC) & Collaboration: Partner directly with development, engineering, and product teams to integrate security controls and champion secure coding practices throughout the SDLC. Advanced Security Assessments & Vulnerability Management: Conduct comprehensive code reviews, static (SAST) and dynamic (DAST) application security testing. Security Automation & Tooling Excellence: Design, build, test, document, deploy, monitor, and support innovative application security and security operations tooling. Strategic Impact & Expert Guidance: Proactively identify opportunities to enhance security architecture, recommending cutting-edge improvements to address evolving threats. What You'll Bring to the Team: Your Foundation: Bachelor’s degree and 2–4 years of dedicated application security experience, or equivalent practical expertise. Technical Acumen: Proven experience designing, securing, and delivering cloud-based applications and services across AWS, Azure, or GCP environments. Essential Skills: Exceptional analytical and problem-solving skills, with the ability to bridge gaps across development and security disciplines.
Lead and participate in critical application security reviews, threat modeling activities, and design discussions for new features and applications.
Serve as the primary security point of contact, guiding teams through remediation and fostering a security-first culture.
Promote secure coding practices and integrate security controls into CI/CD pipelines.
Perform automated and manual vulnerability assessments on applications, cloud infrastructure, and endpoints using industry-standard tools.
Assess the security posture of cloud, network, and data services supporting MeridianLink’s product ecosystem.
Proactively identify vulnerabilities, interpret findings, and drive effective remediation strategies.
Automate security testing and vulnerability management processes, enhancing efficiency and scalability.
Collaborate cross-functionally to implement and support automated SAST/DAST within CI/CD pipelines.
Act as a subject matter expert in application security, secure coding practices, and penetration testing methodologies.
Support regulatory and compliance initiatives, ensuring our applications meet the highest industry standards.
Participate in the internal CSIRT on-call rotation and contribute to incident response activities when needed.
1+ years of hands-on experience implementing or maintaining robust CI/CD, security, and data pipelines.
Deep understanding of application security practices, including threat modeling and common vulnerabilities (OWASP Top 10, SANS).
Hands-on experience performing security design and architecture reviews for new technologies and applications.
Familiarity with various SDLC methodologies and expertise in securing APIs and web services.
Proficiency with industry-standard application and security testing tools such as Burp Suite, Kali Linux, Metasploit, and WebInspect.
Solid grasp of infrastructure as code, automation, container security, and orchestration technologies.
Experience with programming or scripting languages like Python, C#, Java, or PowerShell, coupled with familiarity with modern web technologies.
Demonstrated experience performing Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
Strong knowledge of CI/CD pipelines, including source control, build, and deployment processes.
Experience securing cloud deployments and containerized environments.
Outstanding communication skills, capable of articulating complex security concepts clearly to both technical and non-technical stakeholders.