Zeta Global · San Francisco, CA

Lead Application Security Engineer at Zeta Global — San Francisco, CA

Full-timeSan Francisco, CA$140,000–$180,000/yearPosted 2026-07-13Apply on Greenhouse

Full job description

WHO WE ARE 

About the Role
We’re seeking a Lead Application Security Engineer to help advance Zeta Global’s application and platform security posture through AI-native security practices, intelligent automation, and scalable security engineering. You’ll play a critical role in embedding security throughout the software development lifecycle by using AI-driven tools, automated controls, and data-informed risk prioritization to ensure our systems, applications, and AI-powered platforms are built securely from the ground up.

Zeta operates at massive scale, powering billions of consumer profiles and petabytes of data across real-time, AI-powered marketing platforms. In this role, you’ll collaborate with Engineering, Product, QA, DevOps, and AI platform teams to identify risks, design secure-by-default patterns, and build automated security capabilities that enable secure innovation at speed.

This position offers significant technical scope, cross-functional visibility, and the opportunity to directly influence the company’s security maturity through AI-enabled threat modeling, automated validation, intelligent vulnerability management, and proactive defense.

Key Responsibilities

AI-Driven Threat Modeling & Security Validation

  • Use AI-assisted threat modeling capabilities to identify application, platform, API, cloud, data, and AI/ML security risks early in the design and development process.
  • Leverage automated security review tools to evaluate architecture, design documents, code changes, APIs, and data flows for security gaps and control weaknesses.
  • Drive AI-assisted code security reviews using SAST, DAST, SCA, secrets detection, IaC scanning, container scanning, and contextual risk analysis.
  • Use automation and intelligent correlation to assess third-party libraries, APIs, vendor integrations, and open-source dependencies for security, compliance, and supply-chain risk.
  • Support AI-enabled red team, blue team, and incident response simulations to validate detection, prevention, and response capabilities.

Embedding AI-Native Security into the SDLC

  • Partner with developers and QA engineers to embed AI-driven security testing and automated risk detection into CI/CD pipelines.
  • Build and improve security automation that provides real-time feedback to developers during design, coding, testing, release, and deployment.
  • Use AI-assisted analysis to review architecture and design artifacts, identify risks earlier, and recommend secure implementation patterns.
  • Contribute to intelligent security checkpoints that reduce manual review effort while improving consistency, traceability, and developer velocity.
  • Help design scalable guardrails, reusable security controls, and policy-as-code capabilities across application and platform teams.

Emerging Threat Monitoring & Proactive Defense

  • Monitor evolving application, cloud, API, AI/ML, and data security risks using AI-assisted threat intelligence, vulnerability intelligence, and attack-pattern analysis.
  • Identify and evaluate AI-specific threats such as prompt injection, data poisoning, model abuse, model leakage, insecure tool use, and sensitive data exposure.
  • Assist in designing and deploying proactive defense mechanisms across applications, APIs, data platforms, and AI-powered systems.
  • Use automated signals, telemetry, and risk scoring to support investigations, post-incident analysis, and continuous improvement of prevention and detection capabilities.
  • Translate recurring vulnerabilities and incidents into feedback loops that improve threat models, secure design patterns, and SDLC controls.

Security Awareness, Standards & Scalable Enablement

  • Promote secure coding and secure design practices through AI-assisted guidance, reusable playbooks, automated recommendations, and developer-friendly documentation.
  • Contribute to internal security standards, secure engineering patterns, and AI-native security playbooks.
  • Help teams adopt security self-service capabilities that reduce dependency on manual AppSec review.
  • Collaborate closely with Engineering, DevOps, QA, Product, and AI platform teams to foster a security-first and automation-first culture.
  • Use metrics and insights to measure control effectiveness, remediation trends, developer adoption, and overall security maturity.

What You Need to Succeed

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
  • 5+ years of experience in Application Security, DevSecOps, Secure Software Development, or Security Engineering.
  • Strong understanding of OWASP Top 10, SANS CWE Top 25, secure design principles, and application threat modeling.
  • Familiarity with AI/ML security concepts such as prompt injection, data poisoning, adversarial testing, model integrity, model abuse, and AI supply-chain risks.
  • Experience building or integrating AI-assisted security workflows, security bots, automated triage systems, or risk scoring models.
  • Experience using AI-assisted or automation-driven approaches to improve security testing, vulnerability analysis, code review, or risk prioritization.
  • Experience with modern application frameworks and architectures such as React, Node.js, Django, FastAPI, or similar technologies.
  • Knowledge of securing APIs, microservices, authentication, and authorization mechanisms such as OAuth2, OIDC, JWT, and service-to-service authentication.
  • Experience with cloud platforms such as AWS, GCP, or Azure, and containerized environments such as Docker and Kubernetes.
  • Working knowledge of security testing and automation tools such as Semgrep, SonarQube, Burp Suite, OWASP ZAP, Trivy, Snyk, GitHub Advanced Security, or similar tools.
  • Ability to analyze security findings, correlate risk context, and drive practical remediation guidance for engineering teams.
  • Strong collaboration and communication skills with the ability to work across Engineering, Product, QA, DevOps, and Security teams.

Nice to Have

  • Experience with policy-as-code, infrastructure-as-code security, CI/CD security controls, and automated governance.
  • Experience with automation frameworks and scripting for security testing, vulnerability validation, and remediation workflows.
  • Relevant certifications such as OSCP, GWAPT, CSSLP, cloud security certifications, or AI/ML-specific security certifications.

BENEFITS & PERKS

  • Unlimited PTO
  • Excellent medical, dental, and vision coverage
  • Employee Equity
  • Employee Discounts, Virtual Wellness Classes, and Pet Insurance And more!!

SALARY RANGE

The salary range for this role is $140,000 - $180,000, depending on location and experience. 

PEOPLE & CULTURE AT ZETA

ZETA IN THE NEWS!

 

#LI-TS1

 

Required skills

  • node.js
  • github
  • docker
  • communication
  • google cloud platform
  • amazon web services
  • django
  • microsoft azure
  • javascript
  • cross-functional