Zeta Global
Lead Application Security Engineer
Zeta Global, San Francisco, California, United States, 94199
The Lead Application Security Engineer at Zeta Global is responsible for embedding security into every stage of the development lifecycle, driving best practices, and safeguarding high-performance AI-powered marketing platforms.
Key Responsibilities
Lead threat modeling and security architecture reviews for distributed, event-driven systems.
Integrate security code reviews, SAST/DAST, Software Composition Analysis (SCA), and container scanning into CI/CD and AI/ML pipelines.
Coordinate incident simulations for AI systems and oversee red/blue team exercises.
Conduct security reviews of third-party vendors and tools to ensure alignment with enterprise standards.
Collaborate with engineers and product teams to build secure features without impeding innovation.
Establish and lead security checkpoints across the software development lifecycle.
Review system designs and data flow diagrams to identify and mitigate risks early.
Drive informed Go/No-Go security decisions for all major production deployments.
Stay on the forefront of security innovations, monitoring modern threat vectors like LLM jailbreaks, prompt injection, and data poisoning.
Recommend and implement forward-looking controls to safeguard AI models and data platforms.
Evangelize secure coding and AI security through training, brown bag sessions, and workshops.
Develop and roll out internal security policies, standards, and best practices.
Raise awareness of security threats through documentation and hands-on engagement.
Foster a security-first culture across engineering, product, and data teams.
Qualifications
Bachelor’s degree in Computer Science, Cybersecurity, or related field, or equivalent experience.
5+ years of experience in Application Security, DevSecOps, or secure software development.
In-depth understanding of OWASP Top 10, SANS CWE Top 25, MITRE ATT&CK for ML, and adversarial threat modeling.
Experience securing modern frameworks and architectures (e.g., React, Node.js, Django, FastAPI).
Familiarity with AI/ML attack vectors including model inversion, adversarial examples, and training pipeline integrity.
Strong foundation in OAuth2, OpenID Connect, JWT, and securing APIs and microservices.
Experience with cloud-native security (e.g., AWS, GCP, Azure) and container technologies (Docker, Kubernetes).
Strong communication and stakeholder management skills.
Nice to Have
Hands-on experience with tools like Semgrep, Veracode, Checkmarx, SonarQube, Burp Suite, ZAP, Trivy, Brakeman, or LangSec.
Certifications such as OSCP, CSSLP, GWAPT, or ML‑specific certs (e.g., MITRE ATT&CK Defender for ML).
Benefits & Perks
Unlimited PTO
Excellent medical, dental, and vision coverage
Employee equity
Employee discounts, virtual wellness classes, and pet insurance
Salary Range
$150,000 – $190,000, depending on location and experience.
EEO Statement
Zeta Global considers applicants for employment without regard to, and does not discriminate on the basis of an individual’s sex, race, color, religion, age, disability, status as a veteran, or national or ethnic origin; nor does Zeta discriminate on the basis of sexual orientation, gender identity or expression.