Security Engineer

Merge is the leading provider of agentic tools and customer-facing integrations for frontier LLMs, Fortune 500 organizations, and B2B SaaS companies. Our platform offers three core products: Merge Unified, which enables businesses to add hundreds of integrations to their products with a single API, Merge Agent Handler, which empowers AI agents with secure access to thousands of third-party tools, and Merge Gateway, the control plane for running AI in production. Merge's enterprise-grade platform handles the entire integration lifecycle, from authentication and security to monitoring and maintenance. Thousands of companies trust Merge to accelerate product development, unblock sales, reduce customer churn, and save engineering resources—allowing them to focus on their core product.

Merge is poised to power all B2B integrations, and in doing so, are powering data movement for some of the most secure companies in the world. Working with these powerhouses requires us to follow industry leading security practices and constantly protect ourselves.

As a Security Engineer at Merge, you will be the primary owner of product and application security across our platform. You'll work directly alongside our Head of Security and partner closely with Engineering and Product to find and fix vulnerabilities, shape how we build securely, and ensure our API-first, AI-powered products ship with strong security guarantees. While you don't need specific experience with all of the above, we'd expect you to be excited to learn and grow, and tackle any challenges that may come your way.

What you will do:

• Own product and application security across Merge's platform: APIs, integrations, agent tooling, and AI-powered features

• Conduct security reviews, threat modeling, and code reviews with a focus on application-layer vulnerabilities (OWASP Top 10, injection, auth flaws, insecure deserialization, etc.)

• Drive vulnerability identification and remediation across the full SDLC, from design through deployment

• Build and mature our application security program, including SAST/DAST tooling, security testing in CI/CD, and developer security guidance

• Utilize AI to test the resiliency of our applications and systems

• Own and operate our bug bounty program end to end: triage, response, remediation, and researcher communication

• Partner with Engineering to embed secure design patterns and security review into how we ship software

• Support infrastructure and cloud security as needed, with a focus on how it intersects with our product surface

The ideal candidate will have:

• 3–6+ years of security engineering experience with a strong focus on product or application security

• Deep familiarity with application security concepts: OWASP, common vulnerability classes, secure API design, auth and authorization patterns

• Experience conducting threat modeling and secure code reviews

• Hands-on experience with application security tooling (SAST, DAST, SCA) and integrating security into CI/CD pipelines

• Experience with and a desire to code in at least one major programming language. You should be comfortable reading and writing code, not just running scanners

• Experience in a SaaS or API-driven environment; familiarity with multi-tenant systems and the security challenges they present

• Interest in learning and supporting other areas of Security where needed

• Bonus: experience with AI/LLM security, agent security, or securing data-heavy API platforms

Compensation:

• The cash compensation range for this role is $165,000 - $200,000 

• Actual compensation packages are based on a wide array of factors unique to each candidate, including but not limited to skill set, years & depth of experience, and certifications. In addition to cash compensation, all full time employees receive an equity compensation package

Benefits: 

• Unlimited PTO + 10 company holidays

• Pre-Tax commuter benefits

• 100% covered health, vision, and dental insurance 

• 401K Plan

• $200 one-time home office stipend

• In office snacks and free dinner when working past 7pm