Staff Product Security Engineer

The world’s most sophisticated companies rely on AlphaSense to remove uncertainty from decision-making. With market intelligence and search built on proven AI, AlphaSense delivers insights that matter from content you can trust. Our universe of public and private content includes equity research, company filings, event transcripts, expert calls, news, trade journals, and clients’ own research content.

The acquisition of Tegus by AlphaSense in 2024 advances our shared mission to empower professionals to make smarter decisions through AI-driven market intelligence. Together, AlphaSense and Tegus will accelerate growth, innovation, and content expansion, with complementary product and content capabilities that enable users to unearth even more comprehensive insights from thousands of content sets. Our platform is trusted by over 6,000 enterprise customers, including a majority of the S&P 500. Founded in 2011, AlphaSense is headquartered in New York City with more than 2,000 employees across the globe and offices in the U.S., U.K., Finland, India, Singapore, Canada, and Ireland. Come join us!

We’re looking for a Staff Product Security Engineer to lead the design and implementation of secure, scalable, and trustworthy products spanning AI, data, and cloud-native systems.
You’ll work closely with engineering, data science, and infrastructure teams to embed security by design throughout the product lifecycle.

This role sits at the intersection of AI/ML security, secure product development, and container/cloud-native protection, helping define the architecture, automation, and frameworks that enable secure, intelligent products at scale.

• →Embed robust security practices throughout the software and AI development lifecycle (SDLC).
• →Lead secure design reviews, threat modeling, and risk assessments for AI-driven products, APIs, and backend services.
• →Partner with engineering and product teams to ensure security, privacy, and compliance by design.
• →Build and maintain security automation and governance frameworks that integrate seamlessly into development workflows.
• →Architect and enforce security controls for AI/ML systems, including model training, data pipelines, and inference environments.
• →Identify and mitigate AI-specific attack vectors such as data poisoning, model inversion, prompt injection, and model theft.
• →Collaborate with governance and compliance teams to align with ethical AI principles and frameworks like NIST AI RMF and the EU AI Act.
• →Implement model provenance, integrity, and auditability controls to ensure responsible and secure AI operations.
• →Partner with DevOps and SRE teams to secure service meshes, container networking, and secrets management.
• →Drive software supply chain security, including artifact integrity, dependency management, and vulnerability reduction.
• →Build internal frameworks for continuous assurance and real-time vulnerability management.
• →Define and maintain reference security architectures for microservices, APIs, and AI-powered systems deployed in the cloud.
• →Mentor teams on secure coding, containerization best practices, and AI risk management.
• →Promote a security-first culture through advocacy, documentation, and training.
• →Represent product security in cross-functional initiatives and leadership discussions.

• 7+ years of experience in product, application, or cloud security engineering.
• Deep understanding of secure SDLC, threat modeling, and secure architecture design.
• Proven expertise with AWS cloud security concepts and best practices.
• Strong experience with container security, orchestration, and runtime protection.
• Proficiency in Python, Java, and/or JavaScript for security automation, code review, and tooling.
• Experience securing AI/ML pipelines, data workflows, or model-serving infrastructure.
• Familiarity with DevSecOps and continuous integration/deployment environments.
• Familiarity with encryption fundamentals, including symmetric and asymmetric cryptography, TLS/mTLS, key management, and secrets handling best practices.
• Demonstrated ability to drive cross-functional security initiatives, partnering with engineering, product, and legal teams to embed security requirements into roadmaps, influence architectural decisions, and align stakeholders across organizational boundaries.

• Experience with GCP or Azure cloud platforms.
• Knowledge of AI and LLM security
• Experience with software supply chain security and artifact integrity verification.
• Familiarity with compliance and governance frameworks (SOC 2, ISO 27001, NIST 800-53, NIST AI RMF).
• Understanding of authentication and authorization patterns in modern applications, including OAuth 2.0, OIDC, SAML, RBAC, and ABAC.
• Certifications such as CKS (Certified Kubernetes Security Specialist), CISSP, CSSLP, or AI/ML-focused security credentials.