Applications Security Engineer

🌍 Remote, USA 🎯 Full-time 🕐 Posted Recently

Job Description

About the position

LendingTree is seeking an Applications Security Engineer to join our security team with a primary focus on edge security and externally facing application protections. This role centers on supporting critical InfoSec programs, including SaaS Security Posture Management (SSPM), web application firewall (WAF) engineering, and remediation of findings from external security scanning tools.
The Application Security Engineer will serve as a subject matter expert for web-edge controls, particularly Cloudflare, while partnering with internal teams to triage alerts, drive remediation efforts, and maintain the security posture of LendingTree’s web-facing applications and cloud services.
Success in this role requires strong technical depth in application-layer defenses, the ability to manage and operationalize security tooling, and clear communication with both technical and non-technical stakeholders.
This role is ideal for someone who thrives at the intersection of application security, cloud security, and collaboration—and who enjoys taking ownership of critical security programs that protect the business at scale.

Web Application Firewall (WAF) Subject Matter Expert
Serve as the Application Security program’s primary authority on web application firewall technologies, with deep expertise in Cloudflare. Partner with engineering and security teams to design, implement, tune, and maintain WAF rules to protect web-facing applications.
Cloud Compliance & External Scanning Remediation
As an extension of the AppSec program, this role will continuously monitor and assess the effectiveness of our cloud compliance and security tools, such as our SaaS security posture management platform, and use those insights to drive measurable improvements to our overall cloud security posture.
Fraud Program Support
Support the Fraud Program by providing research assistance to identify and model anomalous patterns, with the goal of using those models to improve automated defenses.
Collaboration & Communication
Work closely with internal and external stakeholders across engineering, product, and security teams. Translate complex security findings and recommendations into clear, actionable guidance for non-technical audiences.

Strong foundational knowledge of application security principles, with an emphasis on protecting web-facing and edge-exposed applications.
Hands-on experience with Web Application Firewall (WAF) technologies, including rule creation, tuning, alert triage, and false-positive reduction; Cloudflare and Azure Front Door experience strongly preferred.
Working knowledge of SaaS Security Posture Management (SSPM) concepts and platforms, including alert review, access posture validation, and remediation workflows.
Experience supporting or operating security monitoring and remediation programs, such as fraud detection, abuse prevention, or incident-driven security initiatives.
Familiarity with external security scanning tools (e.g., DAST, cloud posture scanners, or web exposure scanning) and the ability to manage findings through remediation and closure.
Understanding of cloud security and compliance fundamentals, including shared responsibility models and common cloud risk patterns.
Ability to prioritize, track, and coordinate remediation efforts across multiple teams and security programs.
Strong analytical and troubleshooting skills, with the ability to investigate security findings and recommend practical, risk-based solutions.
Excellent written and verbal communication skills, with demonstrated ability to translate technical security issues into clear, actionable guidance for non-technical stakeholders.
Proven ability to collaborate effectively with engineering, product, and security teams.