Lead Application & Platform Security Engineer

WHO WE ARE 

Zeta Global (NYSE: ZETA) is the AI-Powered Marketing Cloud that leverages advanced artificial intelligence (AI) and trillions of consumer signals to make it easier for marketers to acquire, grow, and retain customers more efficiently. Through the Zeta Marketing Platform (ZMP), our vision is to make sophisticated marketing simple by unifying identity, intelligence, and omnichannel activation into a single platform – powered by one of the industry’s largest proprietary databases and AI. Our enterprise customers across multiple verticals are empowered to personalize experiences with consumers at an individual level across every channel, delivering better results for marketing programs. Zeta was founded in 2007 by David A. Steinberg and John Sculley and is headquartered in New York City with offices around the world. To learn more, go to www.zetaglobal.com.

About the Role

We’re looking for a highly skilled Lead Application & Platform Security Engineer to lead our application and platform security initiatives. You’ll be responsible for embedding security into every stage of the development lifecycle, from threat modeling through deployment, ensuring secure-by-design practices are consistently applied. Zeta operates at significant scale, supporting billions of consumer profiles and petabytes of data across real-time, AI-powered marketing platforms. In this role, you'll help safeguard our high-performance systems by driving best practices, evaluating emerging threats, and enabling cross-functional teams to build secure, reliable applications.

This is a high-impact position with visibility across engineering, product, and executive leadership.

This is a hybrid role based out of our San Francisco, CA office.

Key Responsibilities

Threat Modeling & Security Validation

• Lead threat modeling and security architecture reviews for distributed, event- driven systems.

• Integrate security code reviews, SAST/DAST, Software Composition Analysis (SCA), and container scanning into CI/CD and AI/ML pipelines.

• Coordinate and lead incident simulations specific to AI systems; oversee red/blue team exercises to validate defensive posture.

• Conduct security reviews of third-party vendors and tools to ensure alignment with enterprise security standards.

Embedding Security into the SDLC

• Collaborate with engineers and product teams to build secure features without impeding innovation.

• Establish and lead security checkpoints across the software development lifecycle.

• Review system designs, architecture, and data flow diagrams to identify and mitigate risks early.

• Collaborate with key stakeholders to drive informed Go/No-Go security decisions for all major production deployments.

Emerging Threat Monitoring & Proactive Defense

• Stay on the forefront of security innovations, including OWASP, cloud-native, and API security practices.

• Monitor modern threat vectors like LLM jailbreaks, prompt injection, and data poisoning.

• Recommend and implement forward-looking controls to safeguard AI models and data platforms.Security Awareness & Policy Implementation

• Evangelize secure coding and AI security through training, brown bag sessions, and workshops.

• Develop and roll out internal security policies, standards, and best practices.

• Raise awareness of security threats through documentation and hands-on engagement.

• Foster a security-first culture across engineering, product, and data teams.

What You Need to Succeed

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.

• 5+ years of experience in Application Security, DevSecOps, or secure software development.

• In-depth understanding of OWASP Top 10, SANS CWE Top 25, MITRE ATT&CK for ML, and adversarial threat modeling.

• Experience securing modern frameworks and architectures (e.g., React, Node.js, Django, FastAPI).

• Familiarity with AI/ML attack vectors including model inversion, adversarial examples, and training pipeline integrity.

• Strong foundation in OAuth2, OpenID Connect, JWT, and securing APIs and microservices.

• Experience with cloud-native security (e.g., AWS, GCP, Azure) and container technologies (e.g., Docker, Kubernetes).

• Strong communication and stakeholder management skills.

Nice to Have

• Hands-on with tools like Semgrep, Veracode, Checkmarx, SonarQube, Burp Suite, Zap, Trivy, Brakeman, or LangSec.

• Certifications such as OSCP, CSSLP, GWAPT, or ML-specific certs (e.g., MITRE ATT&CK Defender for ML).

BENEFITS & PERKS

• Unlimited PTO
• Excellent medical, dental, and vision coverage
• Employee Equity
• Employee Discounts, Virtual Wellness Classes, and Pet Insurance And more!!

SALARY RANGE

The salary range for this role is $150,000 - $190,000, depending on location and experience. 

PEOPLE & CULTURE AT ZETA

Zeta considers applicants for employment without regard to, and does not discriminate on the basis of an individual’s sex, race, color, religion, age, disability, status as a veteran, or national or ethnic origin; nor does Zeta discriminate on the basis of sexual orientation, gender identity or expression.  

We’re committed to building a workplace culture of trust and belonging, so everyone feels invited to bring their whole selves to work. We provide a forum for employees to celebrate, support and advocate for one another. Learn more about our commitment to diversity, equity and inclusion here:  https://zetaglobal.com/blog/a-look-into-zetas-ergs/ 

ZETA IN THE NEWS!

https://zetaglobal.com/press/?cat=press-releases 

#LI-DD1