Lead Application Security Engineer at Zeta Global — Remote
Full job description
WHO WE ARE
About the Role
We’re seeking a Lead Application Security Engineer to help advance Zeta Global’s application and platform security posture through AI-native security practices, intelligent automation, and scalable security engineering. You’ll play a critical role in embedding security throughout the software development lifecycle by using AI-driven tools, automated controls, and data-informed risk prioritization to ensure our systems, applications, and AI-powered platforms are built securely from the ground up.
Zeta operates at massive scale, powering billions of consumer profiles and petabytes of data across real-time, AI-powered marketing platforms. In this role, you’ll collaborate with Engineering, Product, QA, DevOps, and AI platform teams to identify risks, design secure-by-default patterns, and build automated security capabilities that enable secure innovation at speed.
This position offers significant technical scope, cross-functional visibility, and the opportunity to directly influence the company’s security maturity through AI-enabled threat modeling, automated validation, intelligent vulnerability management, and proactive defense.
Key Responsibilities
AI-Driven Threat Modeling & Security Validation
- Use AI-assisted threat modeling capabilities to identify application, platform, API, cloud, data, and AI/ML security risks early in the design and development process.
- Leverage automated security review tools to evaluate architecture, design documents, code changes, APIs, and data flows for security gaps and control weaknesses.
- Drive AI-assisted code security reviews using SAST, DAST, SCA, secrets detection, IaC scanning, container scanning, and contextual risk analysis.
- Use automation and intelligent correlation to assess third-party libraries, APIs, vendor integrations, and open-source dependencies for security, compliance, and supply-chain risk.
- Support AI-enabled red team, blue team, and incident response simulations to validate detection, prevention, and response capabilities.
Embedding AI-Native Security into the SDLC
- Partner with developers and QA engineers to embed AI-driven security testing and automated risk detection into CI/CD pipelines.
- Build and improve security automation that provides real-time feedback to developers during design, coding, testing, release, and deployment.
- Use AI-assisted analysis to review architecture and design artifacts, identify risks earlier, and recommend secure implementation patterns.
- Contribute to intelligent security checkpoints that reduce manual review effort while improving consistency, traceability, and developer velocity.
- Help design scalable guardrails, reusable security controls, and policy-as-code capabilities across application and platform teams.
Emerging Threat Monitoring & Proactive Defense
- Monitor evolving application, cloud, API, AI/ML, and data security risks using AI-assisted threat intelligence, vulnerability intelligence, and attack-pattern analysis.
- Identify and evaluate AI-specific threats such as prompt injection, data poisoning, model abuse, model leakage, insecure tool use, and sensitive data exposure.
- Assist in designing and deploying proactive defense mechanisms across applications, APIs, data platforms, and AI-powered systems.
- Use automated signals, telemetry, and risk scoring to support investigations, post-incident analysis, and continuous improvement of prevention and detection capabilities.
- Translate recurring vulnerabilities and incidents into feedback loops that improve threat models, secure design patterns, and SDLC controls.
Security Awareness, Standards & Scalable Enablement
- Promote secure coding and secure design practices through AI-assisted guidance, reusable playbooks, automated recommendations, and developer-friendly documentation.
- Contribute to internal security standards, secure engineering patterns, and AI-native security playbooks.
- Help teams adopt security self-service capabilities that reduce dependency on manual AppSec review.
- Collaborate closely with Engineering, DevOps, QA, Product, and AI platform teams to foster a security-first and automation-first culture.
- Use metrics and insights to measure control effectiveness, remediation trends, developer adoption, and overall security maturity.
What You Need to Succeed
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
- 5+ years of experience in Application Security, DevSecOps, Secure Software Development, or Security Engineering.
- Strong understanding of OWASP Top 10, SANS CWE Top 25, secure design principles, and application threat modeling.
- Familiarity with AI/ML security concepts such as prompt injection, data poisoning, adversarial testing, model integrity, model abuse, and AI supply-chain risks.
- Experience building or integrating AI-assisted security workflows, security bots, automated triage systems, or risk scoring models.
- Experience using AI-assisted or automation-driven approaches to improve security testing, vulnerability analysis, code review, or risk prioritization.
- Experience with modern application frameworks and architectures such as React, Node.js, Django, FastAPI, or similar technologies.
- Knowledge of securing APIs, microservices, authentication, and authorization mechanisms such as OAuth2, OIDC, JWT, and service-to-service authentication.
- Experience with cloud platforms such as AWS, GCP, or Azure, and containerized environments such as Docker and Kubernetes.
- Working knowledge of security testing and automation tools such as Semgrep, SonarQube, Burp Suite, OWASP ZAP, Trivy, Snyk, GitHub Advanced Security, or similar tools.
- Ability to analyze security findings, correlate risk context, and drive practical remediation guidance for engineering teams.
- Strong collaboration and communication skills with the ability to work across Engineering, Product, QA, DevOps, and Security teams.
Nice to Have
- Experience with policy-as-code, infrastructure-as-code security, CI/CD security controls, and automated governance.
- Experience with automation frameworks and scripting for security testing, vulnerability validation, and remediation workflows.
- Relevant certifications such as OSCP, GWAPT, CSSLP, cloud security certifications, or AI/ML-specific security certifications.
BENEFITS & PERKS
- Unlimited PTO
- Excellent medical, dental, and vision coverage
- Employee Equity
- Employee Discounts, Virtual Wellness Classes, and Pet Insurance And more!!
SALARY RANGE
The salary range for this role is $140,000 - $180,000, depending on location and experience.
PEOPLE & CULTURE AT ZETA
ZETA IN THE NEWS!
#LI-TS1
Required skills
- microsoft azure
- continuous integration
- communication
- artificial intelligence
- cross-functional
- google cloud platform
- fastapi
- microservices
- react
- kubernetes