AlphaSense - Senior Application Security Engineer

• 6+ years engineering experience, with 4+ in a dedicated AI Application Security / Product Security role at a SaaS or cloud-native company. Not a consulting / audit background. • 4+ in a dedicated AI Application Security / Product Security role • Development background , hands-on and recent. You write code, not just review it. You can read PRs fluently in at least two of Python, TypeScript / JavaScript, Java / Kotlin, or Go, and you are comfortable in Terraform, Helm, and Kubernetes manifests. • Development background , hands-on and recent. • Hands-on experience with agentic AI and MCP development. You have personally built with, integrated, or operated agentic tooling. Examples that qualify: built an MCP server; integrated Claude Code, Cursor, or Copilot into a real engineering workflow under governance; worked with autonomous coding agents or harnesses; built or hardened an agent gateway; shipped guardrails for prompt injection, jailbreak resistance, or output sanitization in production. • Hands-on experience with agentic AI and MCP development. • Production operation of a SAST / SCA pipeline at scale , Snyk, Semgrep, GitHub Advanced Security, Checkmarx, Veracode, or equivalent , including rule authoring, false-positive tuning, and CI/CD integration. • Production operation of a SAST / SCA pipeline at scale • Demonstrated ownership of a threat modeling or developer security training program , founder or substantial contributor. You can describe the artifacts, the integration into the design process, and the metrics that proved it worked. • Demonstrated ownership of a threat modeling or developer security training program • Layered security thinking. Defense-in-depth across code, contract, behavior, simulation, and data. You can speak to how findings at one layer propagate to others, and how to design for compounding control rather than redundant control. • Layered security thinking. • Strong written communication. You author policy, guidance, runbooks, and PR comments that engineers read and act on. • Strong written communication. • Open-source contributions to a SAST / SCA tool, a security linter, an MCP server or framework, an agent harness, or a threat modeling tool. • Experience shipping a deterministic compliance gate that an external auditor accepted as equivalent to human review. • API security and DAST experience (Burp Suite, ZAP, Akto) and modern container / Kubernetes security (admission controllers, runtime protection, supply chain attestation). • AWS security depth (IAM, KMS, GuardDuty, Security Hub, Organizations) and exposure to AI/ML production environments. • Security partner on a customer-facing posture dashboard or DDQ response process, ideally in a regulated industry. • Public writing or speaking on developer security, AI/agent security, or AppSec automation. • Pre-IPO experience or familiarity with SOC 2 Type II, ISO 27001:2022, ISO 42001, SOX, GDPR. • Certifications: OSWE, OSCP, CSSLP, AWS Security Specialty, or CISSP.