Lead Application Security Engineer

Zeta Global•Chicago, IL

2d•Remote

About The Position

We’re looking for a highly skilled Lead Application Security Engineer to lead our application and platform security initiatives. You’ll be responsible for embedding security into every stage of the development lifecycle, from threat modeling through deployment, ensuring secure-by-design practices are consistently applied. Zeta operates at significant scale, supporting billions of consumer profiles and petabytes of data across real-time, AI-powered marketing platforms. In this role, you'll help safeguard our high-performance systems by driving best practices, evaluating emerging threats, and enabling cross-functional teams to build secure, reliable applications. This is a high-impact position with visibility across engineering, product, and executive leadership.

Requirements

Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.
5+ years of experience in Application Security, DevSecOps, or secure software development.
In-depth understanding of OWASP Top 10, SANS CWE Top 25, MITRE ATT&CK for ML, and adversarial threat modeling.
Experience securing modern frameworks and architectures (e.g., React, Node.js, Django, FastAPI).
Familiarity with AI/ML attack vectors including model inversion, adversarial examples, and training pipeline integrity.
Strong foundation in OAuth2, OpenID Connect, JWT, and securing APIs and microservices.
Experience with cloud-native security (e.g., AWS, GCP, Azure) and container technologies (e.g., Docker, Kubernetes).
Strong communication and stakeholder management skills.

Nice To Haves

Hands-on with tools like Semgrep, Veracode, Checkmarx, SonarQube, Burp Suite, Zap, Trivy, Brakeman, or LangSec.
Certifications such as OSCP, CSSLP, GWAPT, or ML-specific certs (e.g., MITRE ATT&CK Defender for ML).

Responsibilities

Lead threat modeling and security architecture reviews for distributed, event- driven systems.
Integrate security code reviews, SAST/DAST, Software Composition Analysis (SCA), and container scanning into CI/CD and AI/ML pipelines.
Coordinate and lead incident simulations specific to AI systems; oversee red/blue team exercises to validate defensive posture.
Conduct security reviews of third-party vendors and tools to ensure alignment with enterprise security standards.
Collaborate with engineers and product teams to build secure features without impeding innovation.
Establish and lead security checkpoints across the software development lifecycle.
Review system designs, architecture, and data flow diagrams to identify and mitigate risks early.
Collaborate with key stakeholders to drive informed Go/No-Go security decisions for all major production deployments.
Stay on the forefront of security innovations, including OWASP, cloud-native, and API security practices.
Monitor modern threat vectors like LLM jailbreaks, prompt injection, and data poisoning.
Recommend and implement forward-looking controls to safeguard AI models and data platforms.
Evangelize secure coding and AI security through training, brown bag sessions, and workshops.
Develop and roll out internal security policies, standards, and best practices.
Raise awareness of security threats through documentation and hands-on engagement.
Foster a security-first culture across engineering, product, and data teams.