Senior Product Security Engineer, Application Security

Job Description

About AlphaSense: The world’s most sophisticated companies rely on AlphaSense to remove uncertainty from decision-making. With market intelligence and search built on proven AI, AlphaSense delivers insights that matter from content you can trust. Our universe of public and private content includes equity research, company filings, event transcripts, expert calls, news, trade journals, and clients’ own research content.

The acquisition of Tegus by AlphaSense in 2024 advances our shared mission to empower professionals to make smarter decisions through AI-driven market intelligence. Together, AlphaSense and Tegus will accelerate growth, innovation, and content expansion, with complementary product and content capabilities that enable users to unearth even more comprehensive insights from thousands of content sets. Our platform is trusted by over 6,000 enterprise customers, including a majority of the S&P 500. Founded in 2011, AlphaSense is headquartered in New York City with more than 2,000 employees across the globe and offices in the U.

S. , U.

K. , Finland, India, Singapore, Canada, and Ireland. Come join us!

Location: Remote, USA About the RoleAs an Application Security – Senior Product Security Engineer, you will play a critical role in securing AlphaSense’s cloud-based SaaS products. You will partner with engineering and product teams to embed security best practices into our SDLC, enhance automation across CI/CD, and ensure our customers’ data and insights remain protected. You’ll be a hands-on security engineer who can balance risk reduction with the fast-paced innovation of a global AI-driven technology company.

Key ResponsibilitiesLead application security initiatives across all SaaS products and microservices. Conduct threat modeling, architecture reviews, and secure code assessments for both backend and frontend systems.

Implement and manage security automation in CI/CD, integrating SAST, DAST, SCA, and container image scanning tools. Collaborate with engineering teams to triage, prioritize, and remediate vulnerabilities across applications and containerized workloads. Drive AppSec awareness and training, developing secure coding practices and guidelines.

Evaluate and deploy container security controls, ensuring images and orchestrators (Kubernetes, ECS, etc. ) follow best practices. Support bug bounty and vulnerability disclosure programs and coordinate penetration testing.

Stay ahead of emerging application and container threats, and recommend preventive controls aligned with OWASP and CIS benchmarks. Required Qualifications5+ years of experience in Application or Product Security, preferably in a SaaS or cloud-native environmentStrong understanding of web app and API security, microservices, and containerized architecturesExperience integrating security tooling into modern CI/CD workflowsProficiency with SAST, DAST, IaC scanning, and container security platformsSkilled in secure coding and code review for at least one major language (Python, Java, Go, JavaScript). Familiarity with AWS security, Kubernetes security, and DevSecOps best practices.

Nice to HaveExperience in data analytics or AI/ML product environments. Prior experience managing or integrating container runtime protection and supply chain security. Certifications such as OSWE, OSCP, CSSLP, AWS Security Specialty, or CISSP.

EWJD3