Posted 3 days ago

Senior Director, Information Security

Remote Full Time

Job description

About the team Zillow’s Information Security team is the engineering-first security organization at the heart of one of the most-visited real estate platforms in the United States. We protect a product ecosystem that drives real estate transactions, safeguards the personal and financial data of millions of customers, and powers a marketplace that is reimagining what it means to come home. We operate like a product engineering team- we build, automate, and ship. Our security engineers are embedded partners to the product and platform organizations, not gatekeepers. We move fast, we prefer paved roads over guard rails, and we treat security as a feature of the product rather than a tax on it. Our work spans cloud-native infrastructure at scale, a high-velocity application development lifecycle, real-time threat detection and response, and a threat intelligence program that informs both defensive and product risk decisions across the company. This is a team where technical credibility matters. Our leaders write strategy documents and review detection logic and SDLC security controls. If you’ve spent your career building things - secure software, detection pipelines, AppSec programs, zero trust architectures -this is the kind of organization you’ve been building toward. Zillow Group is a strategic, mission-driven organization focused on delivering exceptional experiences and measurable outcomes. Our work spans cross-functional partnership, scalable programs and operational excellence in support of Zillow’s mission. We bring deep experience working across diverse teams in a dynamic, high-growth environment, balancing strategic thinking with hands-on execution to drive meaningful business impact. We are seeking an experienced professional to support our workforce expansion in India. About the role As Sr. Director of Information Security, drive the strategy, execution, and maturity of four interconnected security disciplines: Cyber Defense (SOC and Security Engineering), Threat Intelligence, Application Security, and Security Architecture. This is an M6 leadership role that reports directly to the VP, CISO, and carries significant accountability for the security posture, talent, and engineering culture of a large, multi-function organization. We are looking for a builder, someone who has led security organizations inside high-growth technology companies where engineering velocity is a first-class value. You have a background that started in software engineering or security engineering, and you’ve never fully left it behind. You are the leader who can earn trust with a senior engineers and peers, recruit principal-level security engineers, and then go present business risk . You will manage a team of managers and senior individual contributors across your four domains, partnering deeply with Platform Engineering, Product, Legal, Privacy, and Compliance. You will set multi-year technical roadmaps, own the operational budget and tooling strategy for your org, and serve as a key voice in defining the company’s overall security risk posture and investment priorities. Responsibilities Leadership & Organizational Strategy • Lead and develop a multi-manager organization across Cyber Defense (SOC + Engineering), Threat Intelligence, Application Security, and Security Architecture, setting clear direction, healthy team culture, and high-performance expectations at every level. ZILLOW GROUP CONFIDENTIAL — FOR INTERNAL USE Information Security | Sr. Director, Information Security | M6 Page 2 • Establish and execute a 2–3-year strategic roadmap for your domains that is tightly coupled to Zillow’s product and platform engineering priorities, not just industry compliance frameworks. • Own workforce planning, org design, talent acquisition, and the development of a bench of future security leaders—with a specific focus on recruiting and retaining engineers who want to build, not just advise. • Manage budget, tooling portfolio, and vendor relationships across your scope, with a bias toward consolidation, automation ROI, and eliminating tool sprawl. • Represent Information Security at the executive and leadership level; translate complex technical risk into business impact for the CISO Cyber Defense (SOC & Security Engineering) • Oversee and mature the Security Operations Center (SOC) and the Security Engineering function that powers it, driving the transition from reactive monitoring to proactive detection engineering and automated response. • Champion a detection-as-code philosophy, custom, high-fidelity detections mapped to Zillow’s specific threat model rather than out-of-the-box vendor content. • Own the Incident Response program, ensuring rapid containment capability, strong forensics practice, and a culture of blameless post-incident review with systemic remediation. • Drive SOAR (Security Orchestration, Automation, and Response) adoption to reduce MTTR and scale SOC capacity without proportional headcount growth. • Cultivate an offensive security mindset within the team; champion red team and adversarial simulation exercises to proactively identify gaps before they are exploited. Threat Intelligence • Build and operationalize a threat intelligence program that is actionable and deeply integrated with the SOC, AppSec, and Architecture functions, not a standalone reporting exercise. • Ensure threat intelligence informs product risk decisions, detection priorities, and architectural controls, connecting external threat landscape shifts directly to internal engineering roadmaps. • Develop relationships with industry threat-sharing communities, law enforcement partners, and peer organizations to ensure Zillow has early-warning visibility on threats relevant to the real estate and fintech ecosystem. Application Security • Lead an AppSec organization that partners with product engineering rather than policing it— building “paved road” security capabilities embedded in CI/CD pipelines, frameworks, and developer tooling. • Drive a developer-first security culture: create security enablement programs, secure coding training, and internal tooling that make the secure path the easy path for Zillow’s engineers. • Ensure comprehensive coverage of Zillow’s application portfolio including secure design review, DAST/SAST integration, dependency management, and API security. • Own product security strategy, ensuring that security is a design-time consideration in new product features, not an audit checkpoint at the end of the SDLC. • Build and maintain a vulnerability management program with clear SLAs, risk-based prioritization, and executive-facing reporting. ZILLOW GROUP CONFIDENTIAL — FOR INTERNAL USE Information Security | Sr. Director, Information Security | M6 Page 3 Security Architecture • Lead the Security Architecture function to establish and maintain enterprise security patterns, reference architectures, and guardrails for Zillow’s cloud-native, AWS-centric infrastructure. • Drive Zero Trust principles and identity-driven access across the environment, working with Platform Engineering to embed security patterns into infrastructure-as-code and platform primitives. • Ensure security architecture is a proactive partner in platform and product design reviews, providing clear, opinionated guidance that accelerates rather than slows engineering delivery. • Maintain a forward-looking architecture posture: evaluate emerging threats and technology shifts (e.g., AI/ML-driven attack surfaces, cloud configuration risk) and evolve controls accordingly. This role has been categorized as an Office position. “Office” employees regularly work at the Zillow India office for approximately 80 to 100 percent of their time each month. Employees must live within a reasonable commuting distance of the office. Zillow has not defined a reasonable distance, and expects employees will use judgment in determining this for themselves and understand the implications re: time commitment and cost of daily commute. In addition to a competitive base pay, employees in this role are eligible for incentive compensation subject to applicable laws and relevant Zillow policies. Actual amounts will vary depending on experience, performance and location. Who you are 12+ years of progressive security experience, with at least 5 years in senior leadership roles managing managers and multi-functional security teams; prior experience in a high-growth consumer technology or fintech company is strongly preferred. • Roots in security engineering, software development, or platform engineering—you have built things, not just governed them, and your technical instincts remain sharp enough to engage credibly with principal engineers and architects. • Demonstrated experience owning multiple security domains simultaneously (e.g., SOC/detection, AppSec, architecture) with the organizational maturity to drive excellence across each without personally bottlenecking any of them. • Proven track record in Application Security leadership at scale—specifically, building AppSec programs that integrate natively into SDLC, CI/CD, and developer workflows inside technology- forward organizations. • Deep expertise in multi cloud security (AWS preferred), including IaC security (Terraform/CloudFormation), Kubernetes/container security, and Zero Trust architecture patterns. • Strong detection engineering mindset: experience moving a SOC from alert triage to custom detection pipelines, SOAR automation, and threat-model-driven coverage. • Ability to quantify and communicate security risk in business and financial terms; experience presenting to executive leadership and, ideally, board-level audiences. • Talent magnet: a reputation for hiring and developing elite security engineers, with the technical credibility to attract senior ICs who could work anywhere. • Familiarity with the modern security tooling ecosystem: SIEM, SOAR, DLP,EDR, EPM, CSPM/CWPP ,SaST /DaST. IAC, and container security - with the judgment to rationalize and consolidate rather than accumulate. • Proficiency in at least one scripting or programming language (Python, Go, or similar); sufficient to review automation, detection logic, and security tooling code written by your team. Get to know us At Zillow, we’re reimagining how people move—through the real estate market and through their careers. As the most-visited real estate platform in the U.S., Zillow helps millions of customers navigate buying, selling, financing, and renting with greater ease and confidence. Our teams in India play a critical role in building and scaling the technology, products, and operations that power this experience. Whether you’re working in tech, operations, or shared services, you’ll collaborate with global partners to solve meaningful problems and help more people make home a reality. Zillow is honored to be recognized among the best workplaces in the U.S.. Zillow was named one of FORTUNE 100 Best Companies to Work For® in 2025, and included on the PEOPLE Companies That Care® 2025 list, reflecting our commitment to creating an innovative, inclusive, and engaging culture where employees are empowered to grow. No matter where you sit in the organization, your work will help drive innovation, support our customers, and move the industry—and your career—forward, together. Zillow Group is an equal opportunity employer committed to fostering an inclusive, innovative environment with the best employees. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, maternity status, HIV status, or veteran status. Reasonable accommodations will be provided to candidates with disabilities, in accordance with applicable policies. Create job alert email notifications. Log into your existing Workday profile, or create a profile to get started. It’s the easiest way to stay in the loop–no application needed. At Zillow, flexibility isn’t a perk–it’s how we work. Cloud HQ is our distributed-first model, built on trust, clear systems, and the belief that you can do great work from wherever you are. It’s not about where you work. It’s about moving forward–together.

Skills and functions

  • Aws
  • Human Resources
  • Kubernetes
  • Python
  • Software Engineering
  • Terraform