Security is an important quality attribute for Service Oriented Architecture (SOA) based system. However, there is no sufficient support for modelling security-centric concerns for SOA based application. This paper presents a metamodel called SoaML4Security, which introduces QoS concepts into Service oriented Modelling Language (SoaML) in order to support the modelling of security aspect. We motivate the need of extending SoaML for modelling security concerns from different viewpoints. We describe the process of developing the metamodel, which can support Model Driven Engineering (MDE) approach for service-oriented applications. The use of the extended metamodel has been demonstrated by modelling a real world service-oriented application for security requirements.