Senior Application Security Engineer
Skills
About the Role
You will be a senior individual contributor at the center of AlphaSense's next-generation Application Security program, built for a SaaS engineering organization where AI agents and human developers ship code side by side at high velocity. You will own the code and pull-request enforcement layer that every change flows through, whether authored by a human or an AI coding agent. You will define and harden the deterministic security gates that make AI-authored code auditably equivalent to human-authored code, and partner directly with engineering teams shipping AI-native and agentic features, including MCP integrations, AI coding assistants, and AI capabilities embedded in research workflows. This is a hands-on, build-it role, not an auditor or dashboard owner role. You will write code, read pull requests fluently across multiple languages, and treat Application Security as a partnership with engineering rather than a gate to enforce. You will report to the Director of Application Security within Product Security, and partner closely with Security, Engineering, and GRC teams. This is a foundational hire with a clear path to Staff / Tech Lead as the team grows.
Requirements
- 6+ years engineering experience with 4+ in a dedicated AI Application Security / Product Security role at a SaaS or cloud-native company
- Hands-on and recent development background, able to read PRs fluently in at least two of Python, TypeScript / JavaScript, Java / Kotlin, or Go
- Comfortable in Terraform, Helm, and Kubernetes manifests
- Hands-on experience with agentic AI and MCP development
- Production operation of a SAST / SCA pipeline at scale such as Snyk, Semgrep, GitHub Advanced Security, Checkmarx, or Veracode
- Demonstrated ownership of a threat modeling or developer security training program
- Layered security thinking across code, contract, behavior, simulation, and data
- Strong written communication for policy, guidance, runbooks, and PR comments
Responsibilities
- Operate and continuously tune the SAST, SCA, secrets-detection, and SBOM pipeline
- Design ship and harden deterministic security gates that make AI-authored PRs auditably equivalent to human-authored ones
- Review human-authored and agent-authored PRs catching semantic violations static analysis misses
- Co-submit AI-generated patch proposals so human effort scales as review-and-merge not authorship
- Drive findings to closure at the class level fixing bugs once at the platform layer
- Own how the company secures AI-assisted development including Claude Code, Cursor, Copilot, MCP servers, and agent-authored PRs
- Author and roll out an AI-Assisted Development Security policy covering prompt injection defense, MCP scope and credential governance, and agent credential inheritance
- Partner with harness engineering on agent scope declarations, agent identity registration, and verification hooks
- Threat model new AI features including agent gateway, MCP connector architecture, and AI workflows in the research platform
- Scale the threat modeling framework across engineering teams
- Partner with the product security team to build a security training program for engineers
- Embed testable security acceptance criteria, agent scope declarations, and verification hooks into the PRD template
- Integrate Layer 1 code security signal with Infrastructure, Behavioral Intelligence, Adversarial Simulation, and Data Segmentation layers
- Drive MTTR on critical findings under 24 hours and improve finding precision above 95%
- Support DAST deployment, the API pen test program, and the customer-facing security posture dashboard
- Coordinate penetration testing, bug bounty intake, and partner threat-intel feeds
- Act as the primary technical responder for application-layer incidents and agentic behavior anomalies
Benefits
- Remote-first, high autonomy
- Performance bonus
- Equity
- Benefits program
