Principal Security Engineer

Zillow

4d•Remote

About The Position

The Application Security team partners closely with engineering, platform, and product teams to embed security throughout Zillow’s software development lifecycle. The team helps strengthen cloud-native architectures, reduce risk across applications and AI-enabled systems, and support fast, reliable innovation across Zillow Group. As a Principal Security Engineer, you will help shape how security is built into Zillow’s applications, cloud environments, and AI-enabled systems. This role has broad impact across the company: you’ll partner with teams to reduce security risk, improve secure-by-default engineering practices, and help Zillow adopt emerging technologies safely while continuing to move quickly and innovate. This role has been categorized as a Remote position. “Remote” employees do not have a permanent corporate office workplace and, instead, work from a physical location of their choice, which must be identified to the Company. U.S. employees may live in any of the 50 United States, with limited exceptions. At Zillow, flexibility isn’t a perk–it’s how we work. Cloud HQ is our distributed-first model, built on trust, clear systems, and the belief that you can do great work from wherever you are. It’s not about where you work. It’s about moving forward–together.

Requirements

7+ years of security engineering experience, including strong experience in application security and ownership of complex security outcomes.
Experience driving or owning AI security initiatives and assessing or mitigating risks in AI- or LLM-enabled systems.
Experience leading advanced security assessments across modern applications, cloud infrastructure, and AI-enabled systems.
A strong understanding of common vulnerability classes, secure software development practices, and threat modeling.
Hands-on experience securing cloud-native environments, especially AWS, and designing secure system or cloud architectures.
Ability to read, write, and review code in at least one modern programming language.
Ability to communicate security risks clearly to both technical and non-technical partners and can influence decisions without formal authority.
Experience mentoring engineers and helping raise the technical bar across a team or organization.

Responsibilities

Lead security assessments for high-impact applications and services, including threat modeling, secure design reviews, and penetration testing.
Identify, validate, and prioritize complex vulnerabilities across web applications, APIs, and cloud-native services, and partner with engineers to drive secure-by-default outcomes.
Strengthen the security of primarily AWS-based environments, with additional exposure to GCP and Azure, across areas such as identity, networking, data protection, and service integrations.
Drive AI security initiatives by establishing guardrails, review practices, and secure design patterns for AI-enabled features and systems.
Assess AI-specific risks, including data exposure, misuse, model abuse, prompt-based attacks, and unintended system behavior.
Develop and promote scalable application and AI security standards, best practices, and guardrails across teams.
Improve application and AI security tooling through configuration, integration, and ongoing optimization in partnership with engineering and platform teams.
Mentor and influence engineers across teams, raising the technical bar and helping embed security into the way Zillow builds and ships software.