Senior Manager, Application Security

About the team

Our team is dedicated to leading the configuration of critical perimeter defense systems, including anti-bot technologies, web application firewalls (WAF), and AWS Shield! Our responsibility extends to ensuring the security and resilience of the CI/CD pipeline across a diverse and evolving array of technologies.

We collaborate closely with customers to implement security standard processes, integrating their insights with our technical expertise. The goal is to provide a robust, secure foundation for continuous development and deployment, ensuring our organization stays protected against emerging threats while maintaining operational efficiency. Our passion for innovation and security drives us to stay ahead in safeguarding all facets of the development lifecycle.

About the role

We are seeking an experienced and dynamic Cloud Security Engineering Manager to lead and own a versatile team of security engineers responsible for safeguarding our cloud infrastructure, web applications, and CI/CD pipelines! As a hands-on leader, you will be responsible for all aspects of cloud security, mentor your team, and collaborate with cross-functional teams to ensure secure development practices, robust perimeter defense, and compliance with industry standards.

As a Senior Manager, Application Security, you will:

• Lead, mentor, and manage a team of cloud security engineers responsible for securing our cloud infrastructure, applications, and pipelines.

• Provide technical mentorship and expertise to your team in key areas such as AWS architecture, web application security, anti-bot technologies, CI/CD security, and secure coding practices.

• Coordinate the design, deployment, and maintenance of security services and infrastructure, ensuring robust perimeter defenses, threat detection, and collaborate on incident response processes.

• Manage the configuration and optimization of AWS security services, including WAF, Shield, IAM, GuardDuty, Security Hub, CloudFront, VPC, and KMS, in alignment with standard processes.

• Drive the implementation of Infrastructure as Code (IaC) security using tools like Terraform and AWS CloudFormation, ensuring secure and scalable deployments.

• Collaborate with development, operations, and product teams to ensure security is integrated into all stages of the software development lifecycle.

• Define security metrics, supervise progress, and report on the overall health of the organization’s cloud security posture to executive leadership.

• Manage security incidents and escalations, and work with your team to continuously improve incident response processes, using automation wherever possible.

• Develop and implement security policies, standards, and best practices that align with industry regulations and internal compliance requirements.

• Drive the adoption of secure coding practices and cultivate a culture of security awareness across the organization.

This role has been categorized as a Remote position. “Remote” employees do not have a permanent corporate office workplace and, instead, work from a physical location of their choice, which must be identified to the Company. U.S. employees may live in any of the 50 United States, with limited exceptions.

In California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Minnesota, Nevada, New York, Washington state, and Washington DC the standard base pay range for this role is $177,100.00 - $282,900.00 Annually. This base pay range is specific to California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Minnesota, Nevada, New York, Washington state, and Washington DC and may not be applicable to other locations.

In addition to a competitive base salary this position is also eligible for equity awards based on factors such as experience, performance and location. Actual amounts will vary depending on experience, performance and location.

Who you are

• Strong understanding of AWS architecture and security services, including WAF, Shield, IAM, CloudFront, VPC, GuardDuty, Security Hub, and KMS.

• Validated leadership experience in leading and mentoring a team of cloud or security engineers.

• Hands-on experience with Infrastructure as Code (IaC) tools such as Terraform and AWS CloudFormation.

• In-depth knowledge of web application security and perimeter defense technologies, including anti-bot solutions, SSL/TLS, HTTP security headers, and DNS security.

• Experience in securing CI/CD pipelines, integrating security testing tools, and leading secret management systems like AWS Secrets Manager or HashiCorp Vault.

• Solid understanding of secure coding practices, static and dynamic code analysis, and version control security.

• Experience working in an Agile or DevOps environment and collaborating with cross-functional teams.

• AWS certifications (e.g., Solutions Architect, Security Specialty, or DevOps Engineer) are highly desirable.

• Knowledge of compliance frameworks such as NIST, SOC 2, PCI-DSS, or ISO 27001.

Get to know us

Zillow is reimagining real estate to make home a reality for more and more people.

As the most-visited real estate website in the United States, Zillow® and its affiliates help movers find and win their home through digital solutions, first class partners, and easier buying, selling, financing and renting experiences. Millions of people visit Zillow Group sites every month to start their home search, and now they can rely on Zillow to help make it easier to move. The work we do helps people get home and no matter what job you're in, you will play a critical role in making home a reality for more and more people.

Our efforts to streamline the real estate transaction are supported by a deep-rooted culture of innovation, our passion to redefine the employee experience, a fundamental commitment to Equity and Belonging, and world-class benefits. These benefits include comprehensive medical, dental, vision, life, and disability coverages as well as parental leave, family benefits, retirement contributions, and paid time off. We’re also setting the standard for work experiences of the future, where our employees are supported in doing their best work and living a flexible, well-balanced life. But don’t just take our word for it. Read recent reviews on Glassdoor and recent recognition from multiple organizations, including: the 100 Best Companies to Work For, Glassdoor Employees’ Choice Award, Bloomberg Gender-Equality Index, Human Rights Campaign (HRC) Corporate Equity Index, and TIME 100 Most Influential Companies list.

Zillow Group is an equal opportunity employer committed to fostering an inclusive, innovative environment with the best employees. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please contact your recruiter directly.

Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable state and local law.

Applicants who receive job offers from Zillow Group will be asked to sign a Proprietary Rights Agreement which includes confidentiality, intellectual property assignment, customer and employee non-solicitation, and non-competition provisions. If you are contacted for a role at Zillow Group and wish to review a copy of the Proprietary Rights Agreement prior to receiving an offer, you may request a copy from your Recruiter.