About The Position

About the team

The Application Security team at Zillow partners closely with engineering, platform, and product teams to embed security throughout the software development lifecycle. We play a critical role in strengthening cloud-native architectures and enabling the safe adoption of emerging technologies, such as AI, while supporting fast, reliable innovation across Zillow Group.

About the role

As a Principal Security Engineer, you will be a senior technical leader responsible for identifying and reducing security risk across Zillow’s applications, cloud environments, and AI-enabled systems. You will drive change through influence, operate effectively in ambiguous spaces, and help shape how security is embedded into our evolving platform. Your work will have a direct impact on the safety and reliability of Zillow’s products and services.

Requirements

  • Minimum of 7+ years of security engineering experience, including at least 5+ years focused on Application Security or penetration testing.
  • Demonstrated experience driving or owning AI security initiatives (2+ years), including assessing and mitigating risks in AI- or LLM-enabled systems.
  • Deep understanding of common vulnerability classes and secure software development practices.
  • Hands-on experience securing cloud-native applications, particularly in AWS environments, and designing secure solutions across modern application and cloud environments.
  • Ability to read, write, and review code in at least one modern programming language.
  • Proven experience designing and implementing secure system architectures, including hands-on threat modeling and security-driven design decisions.
  • Experience communicating security risks clearly to both technical and non-technical partners.
  • Demonstrated ability to mentor engineers and act as a technical leader without formal authority.

Responsibilities

  • Lead application security assessments, including scoping and managing penetration testing, threat modeling, and secure design reviews for high-impact systems.
  • Identify, validate, and prioritize complex security vulnerabilities across web applications, APIs, and cloud-native services.
  • Partner with software engineers to embed secure-by-default patterns into application architectures and development workflows.
  • Influence the security of primarily AWS-based systems, with exposure to GCP and Azure, focusing on identity, networking, data protection, and service integrations.
  • Drive AI security initiatives by establishing guardrails, patterns, and review practices, and assess AI-specific risks such as data exposure, misuse, and unintended behaviors in AI- and LLM-powered systems.
  • Develop and promote scalable application and AI security standards, guardrails, and best practices.
  • Mentor and coach security engineers, raising the technical bar and fostering a culture of security across the team.
  • Serve as a technical owner for application and AI security tooling, responsible for configuration, integration, and ongoing improvement in partnership with engineering and platform teams.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

251-500 employees
