Principal Application Security Engineer

About the team

We are a growing, world-class information security group that is dedicated to excellence and passionate about our service offering. The team works closely with PMs, engineers, and designers to help define new products and features with appropriate security controls baked in. You'll move quickly in an agile development process with this high-energy group that values new ideas.

About the role

Zillow is seeking a strategic, highly accountable resource to join Zillow Group's Information Security Team. Working in close partnership with stakeholders from across the company, this role will be responsible for leading our web application security program. If you want to make big contributions to a fast-growing enterprise, we encourage you to apply!

Essential Duties:

* Establish security best practices and processes for our mobile, on-premise and cloud-based platforms.

* Provide expert knowledge and guidance to the product teams about security vulnerabilities and remediation controls

* Implement secure Software Security Development Lifecycle processes and software maturity model

* Perform architectural risk analysis and threat modeling, secure design and source code review

* Conduct security assessments, security testing and validation of vulnerability scan results

* Incorporate security tools/tasks to automate product development and deployment

* Establish a supply chain security process and ensure 3rd-party software meets the standards

* Mentor and train development teams on secure coding standards and techniques

Who you are

Skills:

* In-depth knowledge of web and mobile security vulnerabilities, attack vectors and mitigation techniques

* Demonstrated security experience with Mobile (iOS and Android) platforms

* Experience with Cloud (AWS) Security

* Experience with multiple programming languages (Java, JavaScript, Go, Python, Ruby, Objective-C, C#, PHP) with hands-on coding experience in at least one scripting and one object-oriented programming language

* Fluent with security testing with SAST, DAST, IAST, Fuzz and penetration testing tools

* Good understanding of application security standards such as OWASP ASVS/Top 10 and CWE 25

* Knowledge of DevSecOps to maintain security in CI/CD pipeline

* Solid experience with security tools like Checkmarx, Burp Suite, Nessus, QualysGuard

* Familiar with tools like Git, Jenkins, CircleCI, Maven, Ant, Gradle, Nexus, SonarQube, Artifactory, Chef, Splunk

* Experience with micro services, container deployment and service orchestration

* Strong knowledge of cryptography, API security, and secret management

* Ability to clearly and effectively communicate concerns and issues to the management and engineers

Experience:

* A minimum of 5 years of experience, with 3 of those years focused on application security

* Degree in related field or an equivalent 4 years of work experience related to application or product security

* Demonstrated experience in developing, documenting and maintaining security applications/tools and procedures/standards

Get to know us

Zillow Group houses a portfolio of the largest and most vibrant real estate and home-related brands on the web and mobile. Our mission is to build the largest, most trusted and vibrant home-related marketplace in the world.

Zillow Group is owned, fueled and grown by innovators who help people make better, smarter decisions around all things home. We encourage one another at every level, and our efforts are supported by employee-driven, world-class benefits that enable us to enjoy our lives outside the office while building fulfilling careers that impact millions of individuals every day.

Zillow Group is an equal opportunity employer committed to fostering an inclusive, innovative environment with the best employees. Therefore, we provide employment opportunities without regard to age, race, color, ancestry, national origin, religion, disability, sex, gender identity or expression, sexual orientation, or any other protected status in accordance with applicable law. If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.