Staff Product Security Engineer

AlphaSense is a leading company providing AI-driven market intelligence solutions to sophisticated organizations. They are seeking a Staff Product Security Engineer to lead the design and implementation of secure products across AI, data, and cloud-native systems, ensuring security is embedded throughout the product lifecycle.

Responsibilities:

• Embed robust security practices throughout the software and AI development lifecycle (SDLC)
• Lead secure design reviews, threat modeling, and risk assessments for AI-driven products, APIs, and backend services
• Partner with engineering and product teams to ensure security, privacy, and compliance by design
• Build and maintain security automation and governance frameworks that integrate seamlessly into development workflows
• Architect and enforce security controls for AI/ML systems, including model training, data pipelines, and inference environments
• Identify and mitigate AI-specific attack vectors such as data poisoning, model inversion, prompt injection, and model theft
• Collaborate with governance and compliance teams to align with ethical AI principles and frameworks like NIST AI RMF and the EU AI Act
• Implement model provenance, integrity, and auditability controls to ensure responsible and secure AI operations
• Partner with DevOps and SRE teams to secure service meshes, container networking, and secrets management
• Drive software supply chain security, including artifact integrity, dependency management, and vulnerability reduction
• Build internal frameworks for continuous assurance and real-time vulnerability management
• Define and maintain reference security architectures for microservices, APIs, and AI-powered systems deployed in the cloud
• Mentor teams on secure coding, containerization best practices, and AI risk management
• Promote a security-first culture through advocacy, documentation, and training
• Represent product security in cross-functional initiatives and leadership discussions

Requirements:

• 7+ years of experience in product, application, or cloud security engineering
• Deep understanding of secure SDLC, threat modeling, and secure architecture design
• Proven expertise with AWS cloud security concepts and best practices
• Strong experience with container security, orchestration, and runtime protection
• Proficiency in Python, Java, and/or JavaScript for security automation, code review, and tooling
• Experience securing AI/ML pipelines, data workflows, or model-serving infrastructure
• Familiarity with DevSecOps and continuous integration/deployment environments
• Familiarity with encryption fundamentals, including symmetric and asymmetric cryptography, TLS/mTLS, key management, and secrets handling best practices
• Demonstrated ability to drive cross-functional security initiatives, partnering with engineering, product, and legal teams to embed security requirements into roadmaps, influence architectural decisions, and align stakeholders across organizational boundaries
• Experience with GCP or Azure cloud platforms
• Knowledge of AI and LLM security
• Experience with software supply chain security and artifact integrity verification
• Familiarity with compliance and governance frameworks (SOC 2, ISO 27001, NIST 800-53, NIST AI RMF)
• Understanding of authentication and authorization patterns in modern applications, including OAuth 2.0, OIDC, SAML, RBAC, and ABAC
• Certifications such as CKS (Certified Kubernetes Security Specialist), CISSP, CSSLP, or AI/ML-focused security credentials