About the Role
We’re seeking a Senior Application Security Engineer to help advance Zeta Global’s
application and platform security posture through AI-native security practices, intelligent
automation, and scalable security engineering. You’ll play a critical role in embedding
security throughout the software development lifecycle by using AI-driven tools,
automated controls, and data-informed risk prioritization to ensure our systems,
applications, and AI-powered platforms are built securely from the ground up.
Zeta operates at massive scale, powering billions of consumer profiles and petabytes of
data across real-time, AI-powered marketing platforms. In this role, you’ll collaborate
with Engineering, Product, QA, DevOps, and AI platform teams to identify risks, design
secure-by-default patterns, and build automated security capabilities that enable secure
innovation at speed.
This position offers significant technical scope, cross-functional visibility, and the
opportunity to directly influence the company’s security maturity through AI-enabled
threat modeling, automated validation, intelligent vulnerability management, and
proactive defense.
Key Responsibilities
AI-Driven Threat Modeling & Security Validation
• Use AI-assisted threat modeling capabilities to identify application, platform, API,
cloud, data, and AI/ML security risks early in the design and development
process.
• Leverage automated security review tools to evaluate architecture, design
documents, code changes, APIs, and data flows for security gaps and control
weaknesses.
• Drive AI-assisted code security reviews using SAST, DAST, SCA, secrets
detection, IaC scanning, container scanning, and contextual risk analysis.
• Use automation and intelligent correlation to assess third-party libraries, APIs,
vendor integrations, and open-source dependencies for security, compliance,
and supply-chain risk.
• Support AI-enabled red team, blue team, and incident response simulations to
validate detection, prevention, and response capabilities.
Embedding AI-Native Security into the SDLC
• Partner with developers and QA engineers to embed AI-driven security testing
and automated risk detection into CI/CD pipelines.
• Build and improve security automation that provides real-time feedback to
developers during design, coding, testing, release, and deployment.
• Use AI-assisted analysis to review architecture and design artifacts, identify risks
earlier, and recommend secure implementation patterns.
• Contribute to intelligent security checkpoints that reduce manual review effort
while improving consistency, traceability, and developer velocity.
• Help design scalable guardrails, reusable security controls, and policy-as-code
capabilities across application and platform teams.
Emerging Threat Monitoring & Proactive Defense
• Monitor evolving application, cloud, API, AI/ML, and data security risks using AIassisted threat intelligence, vulnerability intelligence, and attack-pattern analysis.
• Identify and evaluate AI-specific threats such as prompt injection, data poisoning,
model abuse, model leakage, insecure tool use, and sensitive data exposure.
• Assist in designing and deploying proactive defense mechanisms across
applications, APIs, data platforms, and AI-powered systems.
• Use automated signals, telemetry, and risk scoring to support investigations,
post-incident analysis, and continuous improvement of prevention and detection
capabilities.
• Translate recurring vulnerabilities and incidents into feedback loops that improve
threat models, secure design patterns, and SDLC controls.
Security Awareness, Standards & Scalable Enablement
• Promote secure coding and secure design practices through AI-assisted
guidance, reusable playbooks, automated recommendations, and developerfriendly documentation.
• Contribute to internal security standards, secure engineering patterns, and AInative security playbooks.
• Help teams adopt security self-service capabilities that reduce dependency on
manual AppSec review.
• Collaborate closely with Engineering, DevOps, QA, Product, and AI platform
teams to foster a security-first and automation-first culture.
• Use metrics and insights to measure control effectiveness, remediation trends,
developer adoption, and overall security maturity.
What You Need to Succeed
• Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or
equivalent practical experience.
• 2–4 years of experience in Application Security, DevSecOps, Secure Software
Development, or Security Engineering.
• Strong understanding of OWASP Top 10, SANS CWE Top 25, secure design
principles, and application threat modeling.
• Experience using AI-assisted or automation-driven approaches to improve
security testing, vulnerability analysis, code review, or risk prioritization.
• Experience with modern application frameworks and architectures such as
React, Node.js, Django, FastAPI, or similar technologies.
• Knowledge of securing APIs, microservices, authentication, and authorization
mechanisms such as OAuth2, OIDC, JWT, and service-to-service authentication.
• Experience with cloud platforms such as AWS, GCP, or Azure, and containerized
environments such as Docker and Kubernetes.
• Working knowledge of security testing and automation tools such as Semgrep,
SonarQube, Burp Suite, OWASP ZAP, Trivy, Snyk, GitHub Advanced Security,
or similar tools.
• Ability to analyze security findings, correlate risk context, and drive practical
remediation guidance for engineering teams.
• Strong collaboration and communication skills with the ability to work across
Engineering, Product, QA, DevOps, and Security teams.
Nice to Have
• Familiarity with AI/ML security concepts such as prompt injection, data poisoning,
adversarial testing, model integrity, model abuse, and AI supply-chain risks.
• Experience building or integrating AI-assisted security workflows, security bots,
automated triage systems, or risk scoring models.
• Experience with policy-as-code, infrastructure-as-code security, CI/CD security
controls, and automated governance.
• Experience with automation frameworks and scripting for security testing,
vulnerability validation, and remediation workflows.
• Relevant certifications such as OSCP, GWAPT, CSSLP, cloud security
certifications, or AI/ML-specific security certifications