AppSec Jobs
← Back to all jobs

Zeta Global

Staff Application Security Engineer

San Francisco, CAWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About Zeta Global

Zeta Global is an AI-powered marketing cloud platform founded in 2007 by David A. Steinberg and John Sculley. Headquartered in New York City, the company is publicly traded on the New York Stock Exchange under the ticker symbol ZETA. With a workforce of over 1,700 employees, Zeta is recognized as a leading provider of omnichannel data-driven marketing technology. The Zeta Marketing Platform (ZMP) is the core of Zeta's offerings. It integrates identity, intelligence, and omnichannel activation into a unified solution, leveraging advanced AI and extensive consumer data. The platform supports personalized marketing across various channels, including email, social media, and connected TV, enabling enterprises to effectively acquire, grow, and retain customers. Zeta serves over 450 enterprise customers, including nearly half of the Fortune 100 companies, and has a global presence with offices in multiple cities worldwide.

Industry

information technology & services

Employees

2,200

418 engineers

Revenue

$1.0B

Website

Visit →

Security at Zeta Global

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Zeta Global's AppSec mission involves an appointed Information Security team, with their system based on industry-best practices, specifically ISO 27001.
  • Their approach to working with developers emphasizes embedding security into every stage of the development lifecycle and establishing and leading security checkpoints across the software development lifecycle.
  • The company's risk philosophy includes leading threat modeling and security architecture reviews, as well as monitoring modern threat vectors like LLM jailbreaks, prompt injection, and data poisoning.
  • Stated goals include integrating security code reviews, SAST/DAST, Software Composition Analysis (SCA), and container scanning into CI/CD, and evangelizing secure coding and AI security through training, brown bag sessions, and workshops.

Security Team

Zeta Global's AppSec team reports to a Chief Information Security Officer (CISO), who is appointed by the Chief Information Officer. The CISO is responsible for assessing and formally approving deviations from the security program at the group level. Kurt Baumgarten serves as the CISO & VP, Information Security. The estimated team size is not publicly available. As of, there is one active AppSec job posting for a Lead Application Security Engineer. Common skill and tool patterns from job postings include integrating security code reviews, SAST/DAST, Software Composition Analysis (SCA), and container scanning into CI/CD, with hands-on experience with tools like Semgrep, Veracode, Checkmarx, and SonarQube.

Key Initiatives

There is no publicly available evidence for a Security Champions Program at Zeta Global. The company practices 'Shift Left' by embedding security into every stage of the development lifecycle and establishing security checkpoints across the SDLC. Their vulnerability management process involves the Information Security team implementing vulnerability assessments of company assets, with the Technology Management team responsible for remediation based on criticality. Secure SDLC artifacts include leading threat modeling and security architecture reviews, separating operational, development, and testing facilities, and conducting security reviews of third-party vendors and tools. No evidence of new AppSec-specific public programs or tool rollouts within the last six months is publicly available.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.