AlphaSense is a company that provides AI-driven market intelligence to help professionals make smarter decisions. The Staff Application Security Engineer will play a critical role in securing the company's cloud-based SaaS products by embedding security best practices into the software development lifecycle and enhancing automation across CI/CD processes.
Responsibilities:
- Lead application security initiatives across all SaaS products and microservices
- Define and champion strategic security initiatives across the company
- Conduct threat modeling, architecture reviews, and secure code assessments for both backend and frontend systems
- Implement and manage security automation in CI/CD, integrating SAST, DAST, SCA, and container image scanning tools
- Collaborate with engineering teams to triage, prioritize, and remediate vulnerabilities across applications and containerized workloads
- Drive AppSec awareness and training, developing secure coding practices and guidelines
- Evaluate and deploy container security controls, ensuring images and orchestrators (Kubernetes, ECS, etc.) follow best practices
- Support bug bounty and vulnerability disclosure programs and coordinate penetration testing
- Stay ahead of emerging application and container threats, and recommend preventive controls aligned with OWASP and CIS benchmarks
Requirements:
- 7+ years of experience in Application or Product Security, preferably in a SaaS or cloud-native environment
- Strong understanding of web app and API security, microservices, and containerized architectures
- Experience integrating security tooling into modern CI/CD workflows
- Proficiency with SAST, DAST, IaC scanning, and container security platforms
- Skilled in secure coding and code review for at least one major language (Python, Java, Go, JavaScript)
- Familiarity with AWS security, Kubernetes security, and DevSecOps best practices
- Experience in data analytics or AI/ML product environments
- Prior experience managing or integrating container runtime protection and supply chain security
- Certifications such as OSWE, OSCP, CSSLP, AWS Security Specialty, or CISSP