As a Principal Security Engineer at Zillow's Application Security team, you will lead security assessments for high-impact applications and services, including threat modeling, secure design reviews, and penetration testing, while identifying and prioritizing complex vulnerabilities across web applications, APIs, and cloud-native services. You will strengthen the security of AWS-based environments with exposure to GCP and Azure, focusing on identity, networking, data protection, and service integrations. Additionally, you will drive AI security initiatives by establishing guardrails and secure design patterns for AI-enabled systems, assessing specific risks such as data exposure and model abuse, and developing scalable application and AI security standards. You will also improve tooling through configuration and integration with engineering teams, mentor engineers to embed security practices, and communicate security risks effectively to both technical and non-technical partners. This role requires 7+ years of experience in application security, hands-on cloud environment security, and a strong understanding of secure software development practices.
Skills
AWS
GCP
Azure
Python
Threat Modeling
Secure Design Reviews
Penetration Testing
AI Security
Data Protection
Identity Management
Networking
Model Abuse Detection
Prompt-Based Attacks
Unintended System Behavior
CI/CD
Cloud-Native Security
LLM-Enabled Systems
What you'll do
Lead security assessments for high-impact applications, including threat modeling and penetration testing.
Identify and prioritize complex vulnerabilities in web applications, APIs, and cloud services.
Strengthen AWS-based environments by implementing identity, networking, and data protection measures.
Drive AI security initiatives by establishing guardrails and secure design patterns for AI systems.
Develop and promote scalable application and AI security standards across engineering teams.
Improve application and AI security tooling through configuration and ongoing optimization with engineering teams.
What we're looking for
7+ years of security engineering experience with a focus on application security
Experience leading advanced security assessments for modern applications and cloud infrastructure
Strong understanding of secure software development practices, threat modeling, and common vulnerability classes
Hands-on experience securing AWS-based environments and designing secure system architectures
Ability to drive AI security initiatives and assess risks in AI-enabled systems
Proficiency in reading, writing, and reviewing code in at least one modern programming language
Experience mentoring engineers and influencing technical decisions across teams
Market check
Salary context
This
$168,600–$269,400
range sits above
86%
of similar postings on FindRole.
Peer median band
$113,950–$214,000
Median floor and ceiling across peers.
Typical midpoint (25–75%)
$142,400–$185,587
Middle half of comparable postings.
Based on 240 comparable postings.*
* 240 is the maximum number of comparable postings sampled.
Employer
About Zillow
Zillow Group is a leading real estate and rental marketplace providing consumers with data, tools, and services to find, buy, sell, rent, and finance homes, and connecting buyers with agents and lenders. Industry: Real Estate Technology & Marketplace
Zillow currently has
33 open roles
on FindRole.
Listed pay typically runs
$160,900–$257,100
across 33 roles with salary data.
9615 Ashburn Va Non-Specific Customer Site, US25 days ago
$69,550–$125,725
AWS
Linux
Python
Ansible
Networking
VPN
DNS
DHCP
VPCs
Firewalls
Splunk
EC2
S3
Lambda
Storage Gateways
CentOS
RHEL
Kali Linux
Rocky Linux
Windows
McAfee
CrowdStrike
CI/CD