Application Security Engineer

• Support application security initiatives while collaborating with senior application security engineers and other security team members as needed. • Participate in application security reviews and threat modeling activities, including code review and static and dynamic testing. • Interpret business and technical requirements to support the design and development of secure applications and infrastructure. • Design and implement application security solutions that enforce consistent security controls across applications and products. • Conduct assessments of cloud, network, and data services supporting MeridianLink’s products. • Design, build, test, document, deploy, monitor, and support application security and security operations tooling. • Automate security testing and vulnerability management processes where appropriate. • Proactively identify opportunities to improve security architecture and recommend enhancements to address evolving threats. • Partner with developers to promote secure coding practices and integrate security controls into the SDLC. • Collaborate cross-functionally to implement and support automated static and dynamic testing within CI/CD pipelines. • Serve as the primary security point of contact for development and engineering teams, supporting the remediation of identified risks and vulnerabilities. • Perform automated and manual vulnerability assessments on a recurring basis using industry-standard tools to validate findings across applications, cloud infrastructure, and endpoints. • Review new or proposed applications and provide guidance on secure architecture and design considerations. • Support regulatory and compliance-related initiatives as required. • Act as a subject matter expert in application security, secure coding practices, and penetration testing. • Participate in the internal CSIRT on-call rotation and support incident response activities as needed. • Qualifications: Knowledge, Skills, and Abilities • Bachelor’s degree and 2–4 years of related experience, or equivalent practical experience. • 1+ years of hands-on experience implementing or maintaining CI/CD, security, and data pipelines. • Hands-on experience designing, securing, and delivering cloud-based applications and services in AWS, Azure, or GCP environments. • Strong understanding of application security practices and CI/CD integration, with experience securing cloud infrastructure. • Experience conducting threat modeling and a solid understanding of common application security vulnerabilities (OWASP Top 10, SANS). • Experience performing security design and architecture reviews for new technologies and applications. • Familiarity with SDLC methodologies and experience securing APIs and web services. • Experience using industry-standard application and security testing tools, including Burp Suite, Kali Linux, Metasploit, and WebInspect. • Understanding of infrastructure as code, automation, container security, and orchestration technologies. • Experience with programming or scripting languages such as Python, C#, Java, or PowerShell, and familiarity with modern web technologies. • Experience performing static and dynamic application security testing (SAST/DAST). • Strong knowledge of CI/CD pipelines, including source control, build, and deployment processes. • Experience securing cloud deployments and containerized environments. • Strong analytical and problem-solving skills, with the ability to work across development and security disciplines. • Ability to clearly communicate security concepts to both technical and non-technical stakeholders.