Zeta Global is the AI-Powered Marketing Cloud that utilizes advanced artificial intelligence to enhance marketing efficiency. They are seeking a Staff Application Security Engineer to lead security initiatives across the development lifecycle, ensuring secure practices are applied consistently while safeguarding high-performance systems.
Responsibilities:
- Lead threat modeling and security architecture reviews for distributed, event-driven systems
- Integrate security code reviews, SAST/DAST, Software Composition Analysis (SCA), and container scanning into CI/CD and AI/ML pipelines
- Coordinate and lead incident simulations specific to AI systems; oversee red/blue team exercises to validate defensive posture
- Conduct security reviews of third-party vendors and tools to ensure alignment with enterprise security standards
- Collaborate with engineers and product teams to build secure features without impeding innovation
- Establish and lead security checkpoints across the software development lifecycle
- Review system designs, architecture, and data flow diagrams to identify and mitigate risks early
- Collaborate with key stakeholders to drive informed Go/No-Go security decisions for all major production deployments
- Stay at the forefront of security innovations, including OWASP, cloud-native, and API security practices
- Monitor modern threat vectors like LLM jailbreaks, prompt injection, and data poisoning
- Recommend and implement forward-looking controls to safeguard AI models and data platforms
- Evangelize secure coding and AI security through training, brown bag sessions, and workshops
- Develop and roll out internal security policies, standards, and best practices
- Raise awareness of security threats through documentation and hands-on engagement
- Foster a security-first culture across engineering, product, and data teams
Requirements:
- Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent experience
- 5+ years of experience in Application Security, DevSecOps, or secure software development
- In-depth understanding of OWASP Top 10, SANS CWE Top 25, MITRE ATT&CK for ML, and adversarial threat modeling
- Experience securing modern frameworks and architectures (e.g., React, Node.js, Django, FastAPI)
- Familiarity with AI/ML attack vectors including model inversion, adversarial examples, and training pipeline integrity
- Strong foundation in OAuth2, OpenID Connect, JWT, and securing APIs and microservices
- Experience with cloud-native security (e.g., AWS, GCP, Azure) and container technologies (e.g., Docker, Kubernetes)
- Strong communication and stakeholder management skills
- Hands-on experience with tools like Semgrep, Veracode, Checkmarx, SonarQube, Burp Suite, ZAP, Trivy, Brakeman, or LangSec
- Certifications such as OSCP, CSSLP, GWAPT, or ML-specific certs (e.g., MITRE ATT&CK Defender for ML)