Principal Security Engineer
About the role
The Application Security team partners closely with engineering, platform, and product teams to embed security throughout Zillow's software development lifecycle. The team helps strengthen cloud-native architectures, reduce risk across applications and AI-enabled systems, and support fast, reliable innovation across Zillow Group.

As a Principal Security Engineer, you will help shape how security is built into Zillow's applications, cloud environments, and AI-enabled systems. This role has broad impact across the company: you'll partner with teams to reduce security risk, improve secure-by-default engineering practices, and help Zillow adopt emerging technologies safely while continuing to move quickly and innovate.

As a Principal Security Engineer, You Will Get To:

- Lead security assessments for high-impact applications and services, including threat modeling, secure design reviews, and penetration testing.
- Identify, validate, and prioritize complex vulnerabilities across web applications, APIs, and cloud-native services, and partner with engineers to drive secure-by-default outcomes.
- Strengthen the security of primarily AWS-based environments, with additional exposure to GCP and Azure, across areas such as identity, networking, data protection, and service integrations.
- Drive AI security initiatives by establishing guardrails, review practices, and secure design patterns for AI-enabled features and systems.
- Assess AI-specific risks, including data exposure, misuse, model abuse, prompt-based attacks, and unintended system behavior.
- Develop and promote scalable application and AI security standards, best practices, and guardrails across teams.
- Improve application and AI security tooling through configuration, integration, and ongoing optimization in partnership with engineering and platform teams.
- Mentor and influence engineers across teams, raising the technical bar and helping embed security into the way Zillow builds and ships software.
This role has been categorized as a Remote position. "Remote" employees do not have a permanent corporate office workplace and, instead, work from a physical location of their choice, which must be identified to the Company. U.S. employees may live in any of the 50 United States, with limited exceptions. In California, Connecticut, Maryland, Massachusetts, New Jersey, New York, Washington state, and Washington DC the standard base pay range for this role is $168,600.00 - $269,400.00 annually. This base pay range is specific to these locations and may not be applicable to other locations. In Colorado, Hawaii, Illinois, Minnesota, Nevada, Ohio, Rhode Island, and Vermont the standard base pay range for this role is $160,200.00 - $256,000.00 annually. The base pay range is specific to these locations and may not be applicable to other locations. In addition to a competitive base salary this position is also eligible for equity awards based on factors such as experience, performance and location. Actual amounts will vary depending on experience, performance and location. Employees in this role will not be paid below the salary threshold for exempt employees in the state where they reside.