Application Security Engineer

Application Security Engineer Job Description The Application Security Engineer plays a key role in MeridianLink’s application security program, helping safeguard internally developed software and client data. This role is responsible for assessing the security of applications and supporting infrastructure to strengthen MeridianLink’s overall security posture. The Application Security Engineer works closely with development, engineering, and product teams to identify and address security risks throughout the software development lifecycle. This is a highly technical, hands-on position focused on evaluating and securing applications across multiple layers of the technology stack. The individual in this role applies an adversarial mindset to identify vulnerabilities, assess emerging threats, and drive improvements as the threat landscape evolves. Security and trust are foundational to MeridianLink’s commitment to its customers. This role supports and advances a security-by-design approach across applications and services. Expected Duties - Support application security initiatives while collaborating with senior application security engineers and other security team members as needed. - Coordinate third-party security assessments of application, network, and data services supporting MeridianLink’s products. - Translate security testing results into clear, business-impact risk assessments, providing developers and product owners with actionable guidance on real-world exposure and remediation priorities. - Participate in application security reviews and threat modeling activities, including static and dynamic testing. - Interpret business and technical requirements to support the design and development of secure applications and infrastructure. - Perform automated and manual vulnerability assessments on a recurring basis using industry-standard tools to validate findings across applications, cloud infrastructure, and endpoints. - Provide input into the design and implementation of application security solutions that enforce consistent security controls across applications and products. - Conduct remediation validation of identified security findings, verifying fixes are effective and confirming additional instances have been identified and resolved - Design, build, test, document, deploy, monitor, and support application security and security operations tooling. - Automate security testing and vulnerability management processes where appropriate. - Proactively identify opportunities to improve security architecture and recommend enhancements to address evolving threats. - Partner with developers to promote secure coding practices and integrate security controls into the SDLC. - Collaborate cross-functionally to implement and support automated static and dynamic testing within CI/CD pipelines. - Serve as a security point of contact for development and engineering teams, supporting the remediation of identified risks and vulnerabilities. - Review new or proposed applications and provide guidance on secure architecture and design considerations. - Support regulatory and compliance-related initiatives as required. - Act as a subject matter expert in application security, secure coding practices, and penetration testing. - Participate in the internal CSIRT on-call rotation and support incident response activities as needed. Qualifications: Knowledge, Skills, and Abilities The Application Security Engineer performs moderately complex responsibilities independently while supporting peers and leadership on more advanced initiatives. This role requires the ability to apply established policies and procedures to resolve a wide range of security-related issues while continuing to develop technical expertise. - Bachelor’s degree and 2–4 years of related experience, or equivalent practical experience. - Experience using industry-standard application and security testing tools, including Burp Suite, Kali Linux, Metaspl ... (truncated, view full listing at source)