Senior Application Security Engineer

No longer listed
Zeta Global
RemotePosted Jul 13, 2026
Apply

About the Role
We’re seeking a Senior Application Security Engineer to help advance Zeta Global’s
application and platform security posture through AI-native security practices, intelligent 
automation, and scalable security engineering. You’ll play a critical role in embedding 
security throughout the software development lifecycle by using AI-driven tools, 
automated controls, and data-informed risk prioritization to ensure our systems, 
applications, and AI-powered platforms are built securely from the ground up.

Zeta operates at massive scale, powering billions of consumer profiles and petabytes of 
data across real-time, AI-powered marketing platforms. In this role, you’ll collaborate 
with Engineering, Product, QA, DevOps, and AI platform teams to identify risks, design 
secure-by-default patterns, and build automated security capabilities that enable secure 
innovation at speed.

This position offers significant technical scope, cross-functional visibility, and the 
opportunity to directly influence the company’s security maturity through AI-enabled 
threat modeling, automated validation, intelligent vulnerability management, and 
proactive defense.

Key Responsibilities

AI-Driven Threat Modeling & Security Validation
• Use AI-assisted threat modeling capabilities to identify application, platform, API, 
cloud, data, and AI/ML security risks early in the design and development 
process.
• Leverage automated security review tools to evaluate architecture, design 
documents, code changes, APIs, and data flows for security gaps and control 
weaknesses.
• Drive AI-assisted code security reviews using SAST, DAST, SCA, secrets 
detection, IaC scanning, container scanning, and contextual risk analysis.
• Use automation and intelligent correlation to assess third-party libraries, APIs, 
vendor integrations, and open-source dependencies for security, compliance, 
and supply-chain risk.
• Support AI-enabled red team, blue team, and incident response simulations to 
validate detection, prevention, and response capabilities.

Embedding AI-Native Security into the SDLC
• Partner with developers and QA engineers to embed AI-driven security testing 
and automated risk detection into CI/CD pipelines.
• Build and improve security automation that provides real-time feedback to 
developers during design, coding, testing, release, and deployment.
• Use AI-assisted analysis to review architecture and design artifacts, identify risks 
earlier, and recommend secure implementation patterns.
• Contribute to intelligent security checkpoints that reduce manual review effort 
while improving consistency, traceability, and developer velocity.
• Help design scalable guardrails, reusable security controls, and policy-as-code 
capabilities across application and platform teams.

Emerging Threat Monitoring & Proactive Defense
• Monitor evolving application, cloud, API, AI/ML, and data security risks using AIassisted threat intelligence, vulnerability intelligence, and attack-pattern analysis.
• Identify and evaluate AI-specific threats such as prompt injection, data poisoning, 
model abuse, model leakage, insecure tool use, and sensitive data exposure.
• Assist in designing and deploying proactive defense mechanisms across 
applications, APIs, data platforms, and AI-powered systems.
• Use automated signals, telemetry, and risk scoring to support investigations, 
post-incident analysis, and continuous improvement of prevention and detection 
capabilities.
• Translate recurring vulnerabilities and incidents into feedback loops that improve 
threat models, secure design patterns, and SDLC controls.

Security Awareness, Standards & Scalable Enablement
• Promote secure coding and secure design practices through AI-assisted 
guidance, reusable playbooks, automated recommendations, and developerfriendly documentation.
• Contribute to internal security standards, secure engineering patterns, and AInative security playbooks.
• Help teams adopt security self-service capabilities that reduce dependency on 
manual AppSec review.
• Collaborate closely with Engineering, DevOps, QA, Product, and AI platform 
teams to foster a security-first and automation-first culture.
• Use metrics and insights to measure control effectiveness, remediation trends, 
developer adoption, and overall security maturity.

What You Need to Succeed
• Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or 
equivalent practical experience.
• 2–4 years of experience in Application Security, DevSecOps, Secure Software 
Development, or Security Engineering.
• Strong understanding of OWASP Top 10, SANS CWE Top 25, secure design 
principles, and application threat modeling.
• Experience using AI-assisted or automation-driven approaches to improve 
security testing, vulnerability analysis, code review, or risk prioritization.
• Experience with modern application frameworks and architectures such as 
React, Node.js, Django, FastAPI, or similar technologies.
• Knowledge of securing APIs, microservices, authentication, and authorization 
mechanisms such as OAuth2, OIDC, JWT, and service-to-service authentication.
• Experience with cloud platforms such as AWS, GCP, or Azure, and containerized 
environments such as Docker and Kubernetes.
• Working knowledge of security testing and automation tools such as Semgrep, 
SonarQube, Burp Suite, OWASP ZAP, Trivy, Snyk, GitHub Advanced Security, 
or similar tools.
• Ability to analyze security findings, correlate risk context, and drive practical 
remediation guidance for engineering teams.
• Strong collaboration and communication skills with the ability to work across 
Engineering, Product, QA, DevOps, and Security teams.

Nice to Have
• Familiarity with AI/ML security concepts such as prompt injection, data poisoning, 
adversarial testing, model integrity, model abuse, and AI supply-chain risks.
• Experience building or integrating AI-assisted security workflows, security bots, 
automated triage systems, or risk scoring models.
• Experience with policy-as-code, infrastructure-as-code security, CI/CD security 
controls, and automated governance.
• Experience with automation frameworks and scripting for security testing, 
vulnerability validation, and remediation workflows.
• Relevant certifications such as OSCP, GWAPT, CSSLP, cloud security 
certifications, or AI/ML-specific security certifications

Want jobs like this matched to you?

Swoopd scores fresh postings against your résumé so you only see the matches that matter.

Get started free