Zillow is a leading real estate platform in the U.S., and it is seeking a Principal Security Engineer to shape how security is integrated into its applications and cloud environments. The role involves partnering with various teams to reduce security risks, improve secure practices, and drive AI security initiatives across the organization.
Responsibilities:
- Lead security assessments for high-impact applications and services, including threat modeling, secure design reviews, and penetration testing
- Identify, validate, and prioritize complex vulnerabilities across web applications, APIs, and cloud-native services, and partner with engineers to drive secure-by-default outcomes
- Strengthen the security of primarily AWS-based environments, with additional exposure to GCP and Azure, across areas such as identity, networking, data protection, and service integrations
- Drive AI security initiatives by establishing guardrails, review practices, and secure design patterns for AI-enabled features and systems
- Assess AI-specific risks, including data exposure, misuse, model abuse, prompt-based attacks, and unintended system behavior
- Develop and promote scalable application and AI security standards, best practices, and guardrails across teams
- Improve application and AI security tooling through configuration, integration, and ongoing optimization in partnership with engineering and platform teams
- Mentor and influence engineers across teams, raising the technical bar and helping embed security into the way Zillow builds and ships software
Requirements:
- 7+ years of security engineering experience, including strong experience in application security and ownership of complex security outcomes
- Experience driving or owning AI security initiatives and assessing or mitigating risks in AI- or LLM-enabled systems
- Experience leading advanced security assessments across modern applications, cloud infrastructure, and AI-enabled systems
- Strong understanding of common vulnerability classes, secure software development practices, and threat modeling
- Hands-on experience securing cloud-native environments, especially AWS, and designing secure system or cloud architectures
- Ability to read, write, and review code in at least one modern programming language
- Ability to communicate security risks clearly to both technical and non-technical partners and influence decisions without formal authority
- Experience mentoring engineers and helping raise the technical bar across a team or organization