Key skills
AILLMAWSAzureGCPMentoringPenetration Testing
About this role
Zillow is a leading real estate platform in the U.S., and they are seeking a Principal Security Engineer to shape how security is integrated into their applications, cloud environments, and AI-enabled systems. This role involves leading security assessments, reducing security risks, and improving secure engineering practices across the company.
Responsibilities:
- Lead security assessments for high-impact applications and services, including threat modeling, secure design reviews, and penetration testing
- Identify, validate, and prioritize complex vulnerabilities across web applications, APIs, and cloud-native services, and partner with engineers to drive secure-by-default outcomes
- Strengthen the security of primarily AWS-based environments, with additional exposure to GCP and Azure, across areas such as identity, networking, data protection, and service integrations
- Drive AI security initiatives by establishing guardrails, review practices, and secure design patterns for AI-enabled features and systems
- Assess AI-specific risks, including data exposure, misuse, model abuse, prompt-based attacks, and unintended system behavior
- Develop and promote scalable application and AI security standards, best practices, and guardrails across teams
- Improve application and AI security tooling through configuration, integration, and ongoing optimization in partnership with engineering and platform teams
- Mentor and influence engineers across teams, raising the technical bar and helping embed security into the way Zillow builds and ships software
Requirements:
- 7+ years of security engineering experience, including strong experience in application security and ownership of complex security outcomes
- Experience driving or owning AI security initiatives and assessing or mitigating risks in AI- or LLM-enabled systems
- Experience leading advanced security assessments across modern applications, cloud infrastructure, and AI-enabled systems
- Strong understanding of common vulnerability classes, secure software development practices, and threat modeling
- Hands-on experience securing cloud-native environments, especially AWS, and designing secure system or cloud architectures
- Ability to read, write, and review code in at least one modern programming language
- Ability to communicate security risks clearly to both technical and non-technical partners and influence decisions without formal authority
- Experience mentoring engineers and helping raise the technical bar across a team or organization