Principal Security Engineer

About the Role

The role of a Principal Security Engineer is multifaceted, requiring a deep understanding of both the technical and business aspects of security. This includes staying abreast of emerging technologies and trends, assessing their potential impact on Zillow's security posture, and developing strategies to leverage these technologies securely. Given the flexible and remote nature of this position, the ability to work independently, manage multiple priorities, and maintain open lines of communication with distributed teams is essential.

Zillow's commitment to security is reflected in its approach to hiring talented professionals who can drive change and lead by example. The company's focus on innovation, customer satisfaction, and employee development makes it an attractive choice for those looking to make a meaningful impact in the field of cybersecurity.

What You Will Do

• Lead comprehensive security assessments for high-impact applications and services, including threat modeling, secure design reviews, and penetration testing.
• Identify, validate, and prioritize complex vulnerabilities across web applications, APIs, and cloud-native services, and partner with engineers to drive secure-by-default outcomes.
• Strengthen the security of primarily AWS-based environments, with additional exposure to GCP and Azure, across areas such as identity, networking, data protection, and service integrations.
• Drive AI security initiatives by establishing guardrails, review practices, and secure design patterns for AI-enabled features and systems.
• Assess AI-specific risks, including data exposure, misuse, model abuse, prompt-based attacks, and unintended system behavior.
• Develop and promote scalable application and AI security standards, best practices, and guardrails across teams.
• Improve application and AI security tooling through configuration, integration, and ongoing optimization in partnership with engineering and platform teams.
• Mentor and influence engineers across teams, raising the technical bar and helping embed security into the way Zillow builds and ships software.
• Collaborate with cross-functional teams to ensure the secure design and implementation of new features and systems.
• Stay updated on the latest security threats, technologies, and trends, applying this knowledge to continuously improve Zillow's security posture.

What We Are Looking For

• 7+ years of security engineering experience, including strong experience in application security and ownership of complex security outcomes.
• Experience driving or owning AI security initiatives and assessing or mitigating risks in AI- or LLM-enabled systems.
• Experience leading advanced security assessments across modern applications, cloud infrastructure, and AI-enabled systems.
• Strong understanding of common vulnerability classes, secure software development practices, and threat modeling.
• Hands-on experience securing cloud-native environments, especially AWS, and designing secure system or cloud architectures.
• Ability to read, write, and review code in at least one modern programming language.
• Excellent communication skills, with the ability to articulate complex security concepts to both technical and non-technical audiences.
• Strong analytical and problem-solving skills, with the ability to analyze complex systems and identify potential security risks.
• Experience with security compliance and regulatory requirements, and the ability to ensure that Zillow's security practices align with these requirements.

Nice to Have

• Experience with containerization technologies such as Docker and Kubernetes.
• Knowledge of CI/CD pipelines and the ability to integrate security into these pipelines.
• Familiarity with security orchestration, automation, and response (SOAR) solutions.
• Experience with cloud security platforms and tools, such as Cloud Security Command Center (Cloud SCC) or AWS Security Hub.

Benefits and Perks

• Competitive base salary, with the potential for performance-based bonuses.
• Equity awards based on factors such as experience, performance, and location.
• Comprehensive health insurance package, including medical, dental, and vision coverage.
• Generous PTO policy, allowing for a healthy work-life balance.
• Remote work stipend, to support the setup and maintenance of a home office.
• Access to cutting-edge technologies and tools, and the opportunity to develop skills in emerging areas such as AI security.
• Collaborative and dynamic work environment, with a team of experienced professionals who are passionate about security and innovation.

• Before applying, review your experience in application security, AI security, and cloud infrastructure to ensure you meet the minimum requirements.
• Prepare examples of how you've led security assessments, driven AI security initiatives, and strengthened cloud-native architectures in previous roles.
• Familiarize yourself with Zillow's products and services to understand how you can contribute to the company's mission and goals.
• Be ready to discuss your approach to secure software development practices, threat modeling, and common vulnerability classes.
• Consider highlighting any experience with security compliance and regulatory requirements, as well as your ability to communicate complex security concepts to non-technical teams.
• Use your cover letter to explain why you're interested in this role at Zillow, and what unique skills or perspectives you bring to the table.
• Practice answering behavioral questions that assess your problem-solving skills, leadership experience, and ability to work in a remote environment.