Lead Application Security Engineer

Zeta Global


Job Location:

San Francisco, CA - USA

Monthly Salary: $ 140000 - 180000
Posted on: 17 hours ago
Vacancies: 1 Vacancy

Job Summary

WHO WE ARE

Zeta Global (NYSE: ZETA) is the AI-Powered Marketing Cloud that leverages advanced artificial intelligence (AI) and trillions of consumer signals to make it easier for marketers to acquire grow and retain customers more efficiently. Through the Zeta Marketing Platform (ZMP) our vision is to make sophisticated marketing simple by unifying identity intelligence and omnichannel activation into a single platform powered by one of the industrys largest proprietary databases and AI. Our enterprise customers across multiple verticals are empowered to personalize experiences with consumers at an individual level across every channel delivering better results for marketing programs. Zeta was founded in 2007 by David A. Steinberg and John Sculley and is headquartered in New York City with offices around the world. To learn more go to .

About the Role
Were seeking a Lead Application Security Engineer to help advance Zeta Globals application and platform security posture through AI-native security practices intelligent automation and scalable security engineering. Youll play a critical role in embedding security throughout the software development lifecycle by using AI-driven tools automated controls and data-informed risk prioritization to ensure our systems applications and AI-powered platforms are built securely from the ground up.

Zeta operates at massive scale powering billions of consumer profiles and petabytes of data across real-time AI-powered marketing this role youll collaborate with Engineering Product QA DevOps and AI platform teams to identify risks design secure-by-default patterns and build automated security capabilities that enable secure innovation at speed.

This position offers significant technical scope cross-functional visibility and the opportunity to directly influence the companys security maturity through AI-enabled threat modeling automated validation intelligent vulnerability management and proactive defense.

Key Responsibilities

AI-Driven Threat Modeling & Security Validation

  • Use AI-assisted threat modeling capabilities to identify application platform API cloud data and AI/ML security risks early in the design and development process.
  • Leverage automated security review tools to evaluate architecture design documents code changes APIs and data flows for security gaps and control weaknesses.
  • Drive AI-assisted code security reviews using SAST DAST SCA secrets detection IaC scanning container scanning and contextual risk analysis.
  • Use automation and intelligent correlation to assess third-party libraries APIs vendor integrations and open-source dependencies for security compliance and supply-chain risk.
  • Support AI-enabled red team blue team and incident response simulations to validate detection prevention and response capabilities.

Embedding AI-Native Security into the SDLC

  • Partner with developers and QA engineers to embed AI-driven security testing and automated risk detection into CI/CD pipelines.
  • Build and improve security automation that provides real-time feedback to developers during design coding testing release and deployment.
  • Use AI-assisted analysis to review architecture and design artifacts identify risks earlier and recommend secure implementation patterns.
  • Contribute to intelligent security checkpoints that reduce manual review effort while improving consistency traceability and developer velocity.
  • Help design scalable guardrails reusable security controls and policy-as-code capabilities across application and platform teams.

Emerging Threat Monitoring & Proactive Defense

  • Monitor evolving application cloud API AI/ML and data security risks using AI-assisted threat intelligence vulnerability intelligence and attack-pattern analysis.
  • Identify and evaluate AI-specific threats such as prompt injection data poisoning model abuse model leakage insecure tool use and sensitive data exposure.
  • Assist in designing and deploying proactive defense mechanisms across applications APIs data platforms and AI-powered systems.
  • Use automated signals telemetry and risk scoring to support investigations post-incident analysis and continuous improvement of prevention and detection capabilities.
  • Translate recurring vulnerabilities and incidents into feedback loops that improve threat models secure design patterns and SDLC controls.

Security Awareness Standards & Scalable Enablement

  • Promote secure coding and secure design practices through AI-assisted guidance reusable playbooks automated recommendations and developer-friendly documentation.
  • Contribute to internal security standards secure engineering patterns and AI-native security playbooks.
  • Help teams adopt security self-service capabilities that reduce dependency on manual AppSec review.
  • Collaborate closely with Engineering DevOps QA Product and AI platform teams to foster a security-first and automation-first culture.
  • Use metrics and insights to measure control effectiveness remediation trends developer adoption and overall security maturity.

What You Need to Succeed

  • Bachelors degree in Computer Science Cybersecurity or a related field or equivalent practical experience.
  • 5 years of experience in Application Security DevSecOps Secure Software Development or Security Engineering.
  • Strong understanding of OWASP Top 10 SANS CWE Top 25 secure design principles and application threat modeling.
  • Familiarity with AI/ML security concepts such as prompt injection data poisoning adversarial testing model integrity model abuse and AI supply-chain risks.
  • Experience building or integrating AI-assisted security workflows security bots automated triage systems or risk scoring models.
  • Experience using AI-assisted or automation-driven approaches to improve security testing vulnerability analysis code review or risk prioritization.
  • Experience with modern application frameworks and architectures such as React Django FastAPI or similar technologies.
  • Knowledge of securing APIs microservices authentication and authorization mechanisms such as OAuth2 OIDC JWT and service-to-service authentication.
  • Experience with cloud platforms such as AWS GCP or Azure and containerized environments such as Docker and Kubernetes.
  • Working knowledge of security testing and automation tools such as Semgrep SonarQube Burp Suite OWASP ZAP Trivy Snyk GitHub Advanced Security or similar tools.
  • Ability to analyze security findings correlate risk context and drive practical remediation guidance for engineering teams.
  • Strong collaboration and communication skills with the ability to work across Engineering Product QA DevOps and Security teams.

Nice to Have

  • Experience with policy-as-code infrastructure-as-code security CI/CD security controls and automated governance.
  • Experience with automation frameworks and scripting for security testing vulnerability validation and remediation workflows.
  • Relevant certifications such as OSCP GWAPT CSSLP cloud security certifications or AI/ML-specific security certifications.

BENEFITS & PERKS

  • Unlimited PTO
  • Excellent medical dental and vision coverage
  • Employee Equity
  • Employee Discounts Virtual Wellness Classes and Pet Insurance And more!!

SALARY RANGE

The salary range for this role is $140000 - $180000 depending on location and experience.

PEOPLE & CULTURE AT ZETA

Zeta considers applicants for employment without regard to and does not discriminate on the basis of an individuals sex race color religion age disability status as a veteran or national or ethnic origin; nor does Zeta discriminate on the basis of sexual orientation gender identity or expression.

Were committed to building a workplace culture of trust and belonging so everyone feels invited to bring their whole selves to work. We provide a forum for employees to celebrate support and advocate for one another. Learn more about our commitment to diversity equity and inclusion here: IN THE NEWS!

Experience:

IC

WHO WE AREZeta Global (NYSE: ZETA) is the AI-Powered Marketing Cloud that leverages advanced artificial intelligence (AI) and trillions of consumer signals to make it easier for marketers to acquire grow and retain customers more efficiently. Through the Zeta Marketing Platform (ZMP) our vision is t...

About Company

Company Logo

Zeta Global empowers businesses with cutting-edge data-driven marketing solutions. Harness the potential of AI-driven insights and customer engagement.

View Profile View Profile