Why work at Celink
Discover a different kind of workplace at Celink. You’ll join a passionate team of servicing professionals dedicated to our clients, their borrowers, and the reverse mortgage industry.
At Celink, you’ll have the opportunity to make a meaningful impact within a fast-moving organization while working alongside experienced, mission‑driven professionals. We value strategic thinking, collaboration, and integrity and constantly strive to be best in class.
Joining Celink means being part of a collaborative workplace that values innovation, thoughtful problem‑solving, and continuous growth. Employees are encouraged to rethink traditional approaches, share bold ideas, and continuously learn and thrive.
What Sets Celink Apart
Flexible, remote work environment that supports work‑life balance
- Supportive, collaborative team culture built on respect and partnership
- Opportunities to learn, build skills, and contribute to meaningful outcomes
- Emphasis on quality, consistency, and reliable support in everyday work
Total Rewards & Benefits
Celink offers a comprehensive and competitive total rewards package designed to support employees’ financial, physical, and emotional well‑being, including:
- Comprehensive medical, dental, and vision coverage with multiple plan options
- Health Savings Account (HSA) and Flexible Spending Accounts (FSA), including dependent care
- 401(k) with employer match and immediate vesting
- Employer‑paid life insurance, disability coverage, and parental leave
- Generous paid time off, paid holidays, and flexible work arrangements
Job Purpose/Summary
Celink is a leading servicer of reverse mortgages operating in a regulated financial services environment. We own and operate a proprietary servicing platform and related internal applications that are critical to business operations, customer service, and risk management.
We are looking for an experienced and hands-on Application Security Engineer to help secure Celink’s internally developed applications, APIs, and support software delivery processes. In this role, you will work closely with engineering, architecture, and DevOps teams to embed secure-by-design practices throughout the software development lifecycle, including requirements review, threat modeling, secure design, code analysis, security testing, and remediation support. You will also help administer and improve application security tooling, define practical security standards for development teams, and provide reporting on application security risks, trends, and remediation progress.
Duties and responsibilities
Responsibilities Include:
- Partner with software engineering, architecture, and DevOps teams to embed security requirements and secure-by-design practices into the software development lifecycle.
- Perform threat modeling, secure design reviews, and application architecture assessments for internally developed applications, APIs, and supporting services.
- Review results from SAST, DAST, SCA, secrets scanning, and related AppSec tools, and help teams prioritize and remediate findings based on risk and business context.
- Help define, document, and improve secure coding standards, development guardrails, and security patterns for internal engineering teams.
- Provide guidance and hands-on support to development teams on secure coding practices, common vulnerability patterns, and effective remediation approaches.
- Partner with teams to improve application security controls such as authentication, authorization, secrets handling, logging, and secure configuration.
- Support and conduct security testing activities for web, API, and cloud-based applications, and validate remediation of identified vulnerabilities.
- Configure, maintain, and optimize application security tools and integrations used in CI/CD and developer workflows to improve efficiency, consistency, and coverage of application security processes.
- Develop and deliver practical security training and guidance for developers and other stakeholders involved in software delivery.
- Support internal audits, risk assessments, and compliance activities related to application security controls and software development practices.
- Research emerging application security risks, tools, and techniques, and recommend practical improvements aligned to Celink’s environment.
- Performs other duties and projects as assigned
Qualifications
Education
- Bachelor’s degree (or equivalent experience) in computer science, information security, software engineering, or a related field.
Experience/Training
- 5+ years of experience in application security, secure software engineering, or a closely related field, with emphasis on enterprise and distributed application environments.
- 5+ years of hands-on experience working with software development teams on secure SDLC practices, code review, vulnerability remediation, and security testing; prior software development experience is strongly preferred.
Professional Certification/License
- Industry certifications such as CSSLP, CISSP or other relevant application security or cloud security credentials are preferred.
Skills and Abilities
- Strong understanding of modern web, API, and distributed application architectures, and the ability to assess security implications across those environments.
- Knowledge of common web, API, and cloud application vulnerabilities and effective remediation approaches, as well as of application security testing tools and methods.
- Deep understanding of secure software development principles, including OWASP Top 10 for web and API security, code and dependency analysis, and practical remediation techniques.
- Detailed technical knowledge of authentication, authorization, cryptography fundamentals, common application vulnerabilities, and effective remediation strategies.
- Practical familiarity with modern application development stacks and frameworks such as React, Angular, Node.js, Java, Javascript.
- Ability to influence technical teams, drive remediation, and balance sound risk management with practical delivery needs.
- Experience with AWS-hosted applications, CI/CD security integration, and automation of application security workflows.
- Ability to articulate, plan, implement, and continuously improve application security practices in partnership with development and technology teams.
- Demonstrated strong critical thinking, problem-solving, and analytical ability, including the judgment to prioritize issues based on technical and business risk.
- Strong verbal and written communication skills, with the ability to clearly explain security findings and recommendations to developers, architects, and leadership audiences.
Compensation: The salary range for this position is $115,000–$130,000. Actual compensation will be determined based on factors such as job‑related knowledge, skills, experience, and geographic location.
Working Conditions
Work is performed predominately remote, but some travel may be required. There may be some travel with overnight stays. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.
Physical Requirements
While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand; walk; use hands to finger, handle or feel; and reach with hands and arms.
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
EEO Statement
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
