Search...

Senior Application Security Engineer

Tribeca Venture Partners logo
Tribeca Venture Partners

Stealth

Distributed
View jobs by Tribeca Venture Partners

Skills

About the Role

You will be a senior individual contributor at the center of AlphaSense's next-generation Application Security program, built for a SaaS engineering organization where AI agents and human developers ship code side by side at high velocity. You will own the code and pull-request enforcement layer that every change flows through, whether authored by a human or an AI coding agent. You will define and harden the deterministic security gates that make AI-authored code auditably equivalent to human-authored code, and partner directly with engineering teams shipping AI-native and agentic features, including MCP integrations, AI coding assistants, and AI capabilities embedded in research workflows. This is a hands-on, build-it role, not an auditor or dashboard owner role. You will write code, read pull requests fluently across multiple languages, and treat Application Security as a partnership with engineering rather than a gate to enforce. You will report to the Director of Application Security within Product Security, and partner closely with Security, Engineering, and GRC teams. This is a foundational hire with a clear path to Staff / Tech Lead as the team grows.

Requirements

  • 6+ years engineering experience with 4+ in a dedicated AI Application Security / Product Security role at a SaaS or cloud-native company
  • Hands-on and recent development background, able to read PRs fluently in at least two of Python, TypeScript / JavaScript, Java / Kotlin, or Go
  • Comfortable in Terraform, Helm, and Kubernetes manifests
  • Hands-on experience with agentic AI and MCP development
  • Production operation of a SAST / SCA pipeline at scale such as Snyk, Semgrep, GitHub Advanced Security, Checkmarx, or Veracode
  • Demonstrated ownership of a threat modeling or developer security training program
  • Layered security thinking across code, contract, behavior, simulation, and data
  • Strong written communication for policy, guidance, runbooks, and PR comments

Responsibilities

  • Operate and continuously tune the SAST, SCA, secrets-detection, and SBOM pipeline
  • Design ship and harden deterministic security gates that make AI-authored PRs auditably equivalent to human-authored ones
  • Review human-authored and agent-authored PRs catching semantic violations static analysis misses
  • Co-submit AI-generated patch proposals so human effort scales as review-and-merge not authorship
  • Drive findings to closure at the class level fixing bugs once at the platform layer
  • Own how the company secures AI-assisted development including Claude Code, Cursor, Copilot, MCP servers, and agent-authored PRs
  • Author and roll out an AI-Assisted Development Security policy covering prompt injection defense, MCP scope and credential governance, and agent credential inheritance
  • Partner with harness engineering on agent scope declarations, agent identity registration, and verification hooks
  • Threat model new AI features including agent gateway, MCP connector architecture, and AI workflows in the research platform
  • Scale the threat modeling framework across engineering teams
  • Partner with the product security team to build a security training program for engineers
  • Embed testable security acceptance criteria, agent scope declarations, and verification hooks into the PRD template
  • Integrate Layer 1 code security signal with Infrastructure, Behavioral Intelligence, Adversarial Simulation, and Data Segmentation layers
  • Drive MTTR on critical findings under 24 hours and improve finding precision above 95%
  • Support DAST deployment, the API pen test program, and the customer-facing security posture dashboard
  • Coordinate penetration testing, bug bounty intake, and partner threat-intel feeds
  • Act as the primary technical responder for application-layer incidents and agentic behavior anomalies

Benefits

  • Remote-first, high autonomy
  • Performance bonus
  • Equity
  • Benefits program
Senior Application Security Engineer at Tribeca Venture Partners | JobStash