Principal Security Engineer

About the team

About the role

As a Principal Security Engineer, you will help shape how security is built into Zillow’s applications, cloud environments, and AI-enabled systems. This role has broad impact across the company: you’ll partner with teams to reduce security risk, improve secure-by-default engineering practices, and help Zillow adopt emerging technologies safely while continuing to move quickly and innovate.

As a Principal Security Engineer, You Will Get To:

• Lead security assessments for high-impact applications and services, including threat modeling, secure design reviews, and penetration testing.

• Identify, validate, and prioritize complex vulnerabilities across web applications, APIs, and cloud-native services, and partner with engineers to drive secure-by-default outcomes.

• Strengthen the security of primarily AWS-based environments, with additional exposure to GCP and Azure, across areas such as identity, networking, data protection, and service integrations.

• Drive AI security initiatives by establishing guardrails, review practices, and secure design patterns for AI-enabled features and systems.

• Assess AI-specific risks, including data exposure, misuse, model abuse, prompt-based attacks, and unintended system behavior.

• Develop and promote scalable application and AI security standards, best practices, and guardrails across teams.

• Improve application and AI security tooling through configuration, integration, and ongoing optimization in partnership with engineering and platform teams.

• Mentor and influence engineers across teams, raising the technical bar and helping embed security into the way Zillow builds and ships software.

Who you are

• You have 7+ years of security engineering experience, including strong experience in application security and ownership of complex security outcomes.

• You have experience driving or owning AI security initiatives and assessing or mitigating risks in AI- or LLM-enabled systems.

• You have experience leading advanced security assessments across modern applications, cloud infrastructure, and AI-enabled systems.

• You have a strong understanding of common vulnerability classes, secure software development practices, and threat modeling.

• You have hands-on experience securing cloud-native environments, especially AWS, and designing secure system or cloud architectures.

• You can read, write, and review code in at least one modern programming language.

• You communicate security risks clearly to both technical and non-technical partners and can influence decisions without formal authority.

• You have experience mentoring engineers and helping raise the technical bar across a team or organization.

• Here at Zillow - we value the experience and perspective of candidates with non-traditional backgrounds. We encourage you to apply if you have transferable skills or related experiences.

Get to know us

At Zillow, we’re reimagining how people move—through the real estate market and through their careers. As the most-visited real estate platform in the U.S., we help customers navigate buying, selling, financing and renting with greater ease and confidence. Whether you're working in tech, sales, operations, or design, you’ll be part of a company that's reshaping an industry and helping more people make home a reality.

Zillow is honored to be recognized among the best workplaces in the country. Zillow was named one of FORTUNE 100 Best Companies to Work For® in 2025, and included on the PEOPLE Companies That Care® 2025list, reflecting our commitment to creating an innovative, inclusive, and engaging culture where employees are empowered to grow.

No matter where you sit in the organization, your work will help drive innovation, support our customers, and move the industry—and your career—forward, together.

Zillow Group is an equal opportunity employer committed to fostering an inclusive, innovative environment with the best employees. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please contact your recruiter directly.

Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable state and local law.

Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.