About the team
Zillow’s Information Security team is the engineering-first security organization at the heart of one of themost-visited real estate platforms in the United States. We protect a product ecosystem that drives real
estate transactions, safeguards the personal and financial data of millions of customers, and powers a
marketplace that is reimagining what it means to come home.
We operate like a product engineering team- we build, automate, and ship. Our security engineers are
embedded partners to the product and platform organizations, not gatekeepers. We move fast, we
prefer paved roads over guard rails, and we treat security as a feature of the product rather than a tax
on it. Our work spans cloud-native infrastructure at scale, a high-velocity application development
lifecycle, real-time threat detection and response, and a threat intelligence program that informs both
defensive and product risk decisions across the company.
This is a team where technical credibility matters. Our leaders write strategy documents and review
detection logic and SDLC security controls. If you’ve spent your career building things - secure
software, detection pipelines, AppSec programs, zero trust architectures -this is the kind of organization
you’ve been building toward.
Zillow Group is a strategic, mission-driven organization focused on delivering exceptional experiences and measurable outcomes. Our work spans cross-functional partnership, scalable programs and operational excellence in support of Zillow’s mission. We bring deep experience working across diverse teams in a dynamic, high-growth environment, balancing strategic thinking with hands-on execution to drive meaningful business impact. We are seeking an experienced professional to support our workforce expansion in India.
About the role
As Sr. Director of Information Security, drive the strategy, execution, and maturity of four
interconnected security disciplines: Cyber Defense (SOC and Security Engineering), Threat
Intelligence, Application Security, and Security Architecture. This is an M6 leadership role that reports
directly to the VP, CISO, and carries significant accountability for the security posture, talent, and
engineering culture of a large, multi-function organization.
We are looking for a builder, someone who has led security organizations inside high-growth
technology companies where engineering velocity is a first-class value. You have a background that
started in software engineering or security engineering, and you’ve never fully left it behind. You are the
leader who can earn trust with a senior engineers and peers, recruit principal-level security engineers,
and then go present business risk .
You will manage a team of managers and senior individual contributors across your four domains,
partnering deeply with Platform Engineering, Product, Legal, Privacy, and Compliance. You will set
multi-year technical roadmaps, own the operational budget and tooling strategy for your org, and serve
as a key voice in defining the company’s overall security risk posture and investment priorities.
Responsibilities
Leadership & Organizational Strategy
• Lead and develop a multi-manager organization across Cyber Defense (SOC + Engineering),
Threat Intelligence, Application Security, and Security Architecture, setting clear direction, healthy
team culture, and high-performance expectations at every level.
ZILLOW GROUP CONFIDENTIAL — FOR INTERNAL USE
Information Security | Sr. Director, Information Security | M6 Page 2
• Establish and execute a 2–3-year strategic roadmap for your domains that is tightly coupled to
Zillow’s product and platform engineering priorities, not just industry compliance frameworks.
• Own workforce planning, org design, talent acquisition, and the development of a bench of future
security leaders—with a specific focus on recruiting and retaining engineers who want to build,
not just advise.
• Manage budget, tooling portfolio, and vendor relationships across your scope, with a bias toward
consolidation, automation ROI, and eliminating tool sprawl.
• Represent Information Security at the executive and leadership level; translate complex technical
risk into business impact for the CISO
Cyber Defense (SOC & Security Engineering)
• Oversee and mature the Security Operations Center (SOC) and the Security Engineering
function that powers it, driving the transition from reactive monitoring to proactive detection
engineering and automated response.
• Champion a detection-as-code philosophy, custom, high-fidelity detections mapped to Zillow’s
specific threat model rather than out-of-the-box vendor content.
• Own the Incident Response program, ensuring rapid containment capability, strong forensics
practice, and a culture of blameless post-incident review with systemic remediation.
• Drive SOAR (Security Orchestration, Automation, and Response) adoption to reduce MTTR and
scale SOC capacity without proportional headcount growth.
• Cultivate an offensive security mindset within the team; champion red team and adversarial
simulation exercises to proactively identify gaps before they are exploited.
Threat Intelligence
• Build and operationalize a threat intelligence program that is actionable and deeply integrated
with the SOC, AppSec, and Architecture functions, not a standalone reporting exercise.
• Ensure threat intelligence informs product risk decisions, detection priorities, and architectural
controls, connecting external threat landscape shifts directly to internal engineering roadmaps.
• Develop relationships with industry threat-sharing communities, law enforcement partners, and
peer organizations to ensure Zillow has early-warning visibility on threats relevant to the real
estate and fintech ecosystem.
Application Security
• Lead an AppSec organization that partners with product engineering rather than policing it—
building “paved road” security capabilities embedded in CI/CD pipelines, frameworks, and
developer tooling.
• Drive a developer-first security culture: create security enablement programs, secure coding
training, and internal tooling that make the secure path the easy path for Zillow’s engineers.
• Ensure comprehensive coverage of Zillow’s application portfolio including secure design review,
DAST/SAST integration, dependency management, and API security.
• Own product security strategy, ensuring that security is a design-time consideration in new
product features, not an audit checkpoint at the end of the SDLC.
• Build and maintain a vulnerability management program with clear SLAs, risk-based prioritization,
and executive-facing reporting.
ZILLOW GROUP CONFIDENTIAL — FOR INTERNAL USE
Information Security | Sr. Director, Information Security | M6 Page 3
Security Architecture
• Lead the Security Architecture function to establish and maintain enterprise security patterns,
reference architectures, and guardrails for Zillow’s cloud-native, AWS-centric infrastructure.
• Drive Zero Trust principles and identity-driven access across the environment, working with
Platform Engineering to embed security patterns into infrastructure-as-code and platform
primitives.
• Ensure security architecture is a proactive partner in platform and product design reviews,
providing clear, opinionated guidance that accelerates rather than slows engineering delivery.
• Maintain a forward-looking architecture posture: evaluate emerging threats and technology shifts
(e.g., AI/ML-driven attack surfaces, cloud configuration risk) and evolve controls accordingly.
Who you are
12+ years of progressive security experience, with at least 5 years in senior leadership roles
managing managers and multi-functional security teams; prior experience in a high-growth
consumer technology or fintech company is strongly preferred.
• Roots in security engineering, software development, or platform engineering—you have built
things, not just governed them, and your technical instincts remain sharp enough to engage
credibly with principal engineers and architects.
• Demonstrated experience owning multiple security domains simultaneously (e.g., SOC/detection,
AppSec, architecture) with the organizational maturity to drive excellence across each without
personally bottlenecking any of them.
• Proven track record in Application Security leadership at scale—specifically, building AppSec
programs that integrate natively into SDLC, CI/CD, and developer workflows inside technology-
forward organizations.
• Deep expertise in multi cloud security (AWS preferred), including IaC security
(Terraform/CloudFormation), Kubernetes/container security, and Zero Trust architecture patterns.
• Strong detection engineering mindset: experience moving a SOC from alert triage to custom
detection pipelines, SOAR automation, and threat-model-driven coverage.
• Ability to quantify and communicate security risk in business and financial terms; experience
presenting to executive leadership and, ideally, board-level audiences.
• Talent magnet: a reputation for hiring and developing elite security engineers, with the technical
credibility to attract senior ICs who could work anywhere.
• Familiarity with the modern security tooling ecosystem: SIEM, SOAR, DLP,EDR, EPM,
CSPM/CWPP ,SaST /DaST. IAC, and container security - with the judgment to rationalize and
consolidate rather than accumulate.
• Proficiency in at least one scripting or programming language (Python, Go, or similar); sufficient
to review automation, detection logic, and security tooling code written by your team.
Get to know us
At Zillow, we’re reimagining how people move—through the real estate market and through their careers.
As the most-visited real estate platform in the U.S., Zillow helps millions of customers navigate buying, selling, financing, and renting with greater ease and confidence. Our teams in India play a critical role in building and scaling the technology, products, and operations that power this experience.
Whether you’re working in tech, operations, or shared services, you’ll collaborate with global partners to solve meaningful problems and help more people make home a reality.
Zillow is honored to be recognized among the best workplaces in the U.S.. Zillow was named one of FORTUNE 100 Best Companies to Work For® in 2025, and included on the PEOPLE Companies That Care® 2025 list, reflecting our commitment to creating an innovative, inclusive, and engaging culture where employees are empowered to grow.
No matter where you sit in the organization, your work will help drive innovation, support our customers, and move the industry—and your career—forward, together.
Zillow Group is an equal opportunity employer committed to fostering an inclusive, innovative environment with the best employees. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, maternity status, HIV status, or veteran status. Reasonable accommodations will be provided to candidates with disabilities, in accordance with applicable policies.