Back to jobs
New

Lead Application Security Engineer

Remote - US

WHO WE ARE 

Zeta Global (NYSE: ZETA) is the AI-Powered Marketing Cloud that leverages advanced artificial intelligence (AI) and trillions of consumer signals to make it easier for marketers to acquire, grow, and retain customers more efficiently. Through the Zeta Marketing Platform (ZMP), our vision is to make sophisticated marketing simple by unifying identity, intelligence, and omnichannel activation into a single platform – powered by one of the industry’s largest proprietary databases and AI. Our enterprise customers across multiple verticals are empowered to personalize experiences with consumers at an individual level across every channel, delivering better results for marketing programs. Zeta was founded in 2007 by David A. Steinberg and John Sculley and is headquartered in New York City with offices around the world. To learn more, go to www.zetaglobal.com.

About the Role
We’re seeking a Lead Application Security Engineer to help advance Zeta Global’s application and platform security posture through AI-native security practices, intelligent automation, and scalable security engineering. You’ll play a critical role in embedding security throughout the software development lifecycle by using AI-driven tools, automated controls, and data-informed risk prioritization to ensure our systems, applications, and AI-powered platforms are built securely from the ground up.

Zeta operates at massive scale, powering billions of consumer profiles and petabytes of data across real-time, AI-powered marketing platforms. In this role, you’ll collaborate with Engineering, Product, QA, DevOps, and AI platform teams to identify risks, design secure-by-default patterns, and build automated security capabilities that enable secure innovation at speed.

This position offers significant technical scope, cross-functional visibility, and the opportunity to directly influence the company’s security maturity through AI-enabled threat modeling, automated validation, intelligent vulnerability management, and proactive defense.

Key Responsibilities

AI-Driven Threat Modeling & Security Validation

  • Use AI-assisted threat modeling capabilities to identify application, platform, API, cloud, data, and AI/ML security risks early in the design and development process.
  • Leverage automated security review tools to evaluate architecture, design documents, code changes, APIs, and data flows for security gaps and control weaknesses.
  • Drive AI-assisted code security reviews using SAST, DAST, SCA, secrets detection, IaC scanning, container scanning, and contextual risk analysis.
  • Use automation and intelligent correlation to assess third-party libraries, APIs, vendor integrations, and open-source dependencies for security, compliance, and supply-chain risk.
  • Support AI-enabled red team, blue team, and incident response simulations to validate detection, prevention, and response capabilities.

Embedding AI-Native Security into the SDLC

  • Partner with developers and QA engineers to embed AI-driven security testing and automated risk detection into CI/CD pipelines.
  • Build and improve security automation that provides real-time feedback to developers during design, coding, testing, release, and deployment.
  • Use AI-assisted analysis to review architecture and design artifacts, identify risks earlier, and recommend secure implementation patterns.
  • Contribute to intelligent security checkpoints that reduce manual review effort while improving consistency, traceability, and developer velocity.
  • Help design scalable guardrails, reusable security controls, and policy-as-code capabilities across application and platform teams.

Emerging Threat Monitoring & Proactive Defense

  • Monitor evolving application, cloud, API, AI/ML, and data security risks using AI-assisted threat intelligence, vulnerability intelligence, and attack-pattern analysis.
  • Identify and evaluate AI-specific threats such as prompt injection, data poisoning, model abuse, model leakage, insecure tool use, and sensitive data exposure.
  • Assist in designing and deploying proactive defense mechanisms across applications, APIs, data platforms, and AI-powered systems.
  • Use automated signals, telemetry, and risk scoring to support investigations, post-incident analysis, and continuous improvement of prevention and detection capabilities.
  • Translate recurring vulnerabilities and incidents into feedback loops that improve threat models, secure design patterns, and SDLC controls.

Security Awareness, Standards & Scalable Enablement

  • Promote secure coding and secure design practices through AI-assisted guidance, reusable playbooks, automated recommendations, and developer-friendly documentation.
  • Contribute to internal security standards, secure engineering patterns, and AI-native security playbooks.
  • Help teams adopt security self-service capabilities that reduce dependency on manual AppSec review.
  • Collaborate closely with Engineering, DevOps, QA, Product, and AI platform teams to foster a security-first and automation-first culture.
  • Use metrics and insights to measure control effectiveness, remediation trends, developer adoption, and overall security maturity.

What You Need to Succeed

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
  • 5+ years of experience in Application Security, DevSecOps, Secure Software Development, or Security Engineering.
  • Strong understanding of OWASP Top 10, SANS CWE Top 25, secure design principles, and application threat modeling.
  • Familiarity with AI/ML security concepts such as prompt injection, data poisoning, adversarial testing, model integrity, model abuse, and AI supply-chain risks.
  • Experience building or integrating AI-assisted security workflows, security bots, automated triage systems, or risk scoring models.
  • Experience using AI-assisted or automation-driven approaches to improve security testing, vulnerability analysis, code review, or risk prioritization.
  • Experience with modern application frameworks and architectures such as React, Node.js, Django, FastAPI, or similar technologies.
  • Knowledge of securing APIs, microservices, authentication, and authorization mechanisms such as OAuth2, OIDC, JWT, and service-to-service authentication.
  • Experience with cloud platforms such as AWS, GCP, or Azure, and containerized environments such as Docker and Kubernetes.
  • Working knowledge of security testing and automation tools such as Semgrep, SonarQube, Burp Suite, OWASP ZAP, Trivy, Snyk, GitHub Advanced Security, or similar tools.
  • Ability to analyze security findings, correlate risk context, and drive practical remediation guidance for engineering teams.
  • Strong collaboration and communication skills with the ability to work across Engineering, Product, QA, DevOps, and Security teams.

Nice to Have

  • Experience with policy-as-code, infrastructure-as-code security, CI/CD security controls, and automated governance.
  • Experience with automation frameworks and scripting for security testing, vulnerability validation, and remediation workflows.
  • Relevant certifications such as OSCP, GWAPT, CSSLP, cloud security certifications, or AI/ML-specific security certifications.

BENEFITS & PERKS

  • Unlimited PTO
  • Excellent medical, dental, and vision coverage
  • Employee Equity
  • Employee Discounts, Virtual Wellness Classes, and Pet Insurance And more!!

SALARY RANGE

The salary range for this role is $140,000 - $180,000, depending on location and experience. 

PEOPLE & CULTURE AT ZETA

Zeta considers applicants for employment without regard to, and does not discriminate on the basis of an individual’s sex, race, color, religion, age, disability, status as a veteran, or national or ethnic origin; nor does Zeta discriminate on the basis of sexual orientation, gender identity or expression.  

We’re committed to building a workplace culture of trust and belonging, so everyone feels invited to bring their whole selves to work. We provide a forum for employees to celebrate, support and advocate for one another. Learn more about our commitment to diversity, equity and inclusion here:  https://zetaglobal.com/blog/a-look-into-zetas-ergs/ 

ZETA IN THE NEWS!

https://zetaglobal.com/press/?cat=press-releases 

 

#LI-TS1

Create a Job Alert

Interested in building your career at Zeta Global? Get future opportunities sent straight to your email.

Apply for this job

*

indicates a required field

Phone
Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf


Select...
Select...
Select...

Voluntary Demographic Questions

Zeta collects this Voluntary Demographic Data only with your consent, for the sole purpose of tracking and improving the diversity of our applicant pool. Any information you choose to provide will not be considered for employment purposes, will not be associated with your employment at Zeta if you are offered a position, and is not used to make hiring or employment decisions.  This data will be maintained unless you withdraw your consent. You may withdraw consent for this data to be maintained by Zeta at any time by contacting your Recruiter. If and when you are employed by Zeta, you may withdraw consent by contacting your HR Partner. If and when you onboard with Zeta, you will also be asked to complete an EEOC questionnaire that collects additional demographic data in order for Zeta to meet its legal requirements.

We are committed to building diverse teams with different identities, backgrounds and perspectives. We believe in providing a forum to connect at Zeta, to learn and celebrate differences. Our mission is to ensure we have an environment that enables a deep level of trust and belonging, so everyone feels invited to bring their whole selves to work, and to increase both diversity at Zeta as well as in the technology industry.  

Zeta considers applicants for employment without regard to, and does not discriminate on the basis of an individual’s sex, race, color, religion, age, disability, status as a veteran, or national or ethnic origin, or any other basis protected by applicable federal, state or local law; nor does Zeta discriminate on the basis of sexual orientation or gender identity or expression.  

Select...
Select...
Select...
Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Zeta Global’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.