Jobs
Z

Senior Director, Information Security

ZillowKA, IN2d ago
Full-timevia indeed

Required Skills

apiawsci/cdgokubernetespythonrailsterraform

Job Description

  • *About the team**
  • -----------------

Zillow’s Information Security team is the engineering\-first security organization at the heart of one of the

most\-visited real estate platforms in the United States. We protect a product ecosystem that drives real

estate transactions, safeguards the personal and financial data of millions of customers, and powers a

marketplace that is reimagining what it means to come home.

We operate like a product engineering team\- we build, automate, and ship. Our security engineers are

embedded partners to the product and platform organizations, not gatekeepers. We move fast, we

prefer paved roads over guard rails, and we treat security as a feature of the product rather than a tax

on it. Our work spans cloud\-native infrastructure at scale, a high\-velocity application development

lifecycle, real\-time threat detection and response, and a threat intelligence program that informs both

defensive and product risk decisions across the company.

This is a team where technical credibility matters. Our leaders write strategy documents and review

detection logic and SDLC security controls. If you’ve spent your career building things \- secure

software, detection pipelines, AppSec programs, zero trust architectures \-this is the kind of organization

you’ve been building toward.

  • *Zillow Group is a strategic, mission\-driven organization focused on delivering exceptional experiences and measurable outcomes.** Our work spans cross\-functional partnership, scalable programs and operational excellence in support of Zillow’s mission. We bring deep experience working across diverse teams in a dynamic, high\-growth environment, balancing strategic thinking with hands\-on execution to drive meaningful business impact. We are seeking an experienced professional to support our workforce expansion in India.
  • *About the role**
  • -----------------

As Sr. Director of Information Security, drive the strategy, execution, and maturity of four

interconnected security disciplines: Cyber Defense (SOC and Security Engineering), Threat

Intelligence, Application Security, and Security Architecture. This is an M6 leadership role that reports

directly to the VP, CISO, and carries significant accountability for the security posture, talent, and

engineering culture of a large, multi\-function organization.

We are looking for a builder, someone who has led security organizations inside high\-growth

technology companies where engineering velocity is a first\-class value. You have a background that

started in software engineering or security engineering, and you’ve never fully left it behind. You are the

leader who can earn trust with a senior engineers and peers, recruit principal\-level security engineers,

and then go present business risk .

You will manage a team of managers and senior individual contributors across your four domains,

partnering deeply with Platform Engineering, Product, Legal, Privacy, and Compliance. You will set

multi\-year technical roadmaps, own the operational budget and tooling strategy for your org, and serve

as a key voice in defining the company’s overall security risk posture and investment priorities.

Responsibilities

Leadership \& Organizational Strategy

  • Lead and develop a multi\-manager organization across Cyber Defense (SOC \+ Engineering),

Threat Intelligence, Application Security, and Security Architecture, setting clear direction, healthy

team culture, and high\-performance expectations at every level.

ZILLOW GROUP CONFIDENTIAL — FOR INTERNAL USE

Information Security \| Sr. Director, Information Security \| M6 Page 2

  • Establish and execute a 2–3\-year strategic roadmap for your domains that is tightly coupled to

Zillow’s product and platform engineering priorities, not just industry compliance frameworks.

  • Own workforce planning, org design, talent acquisition, and the development of a bench of future

security leaders—with a specific focus on recruiting and retaining engineers who want to build,

not just advise.

  • Manage budget, tooling portfolio, and vendor relationships across your scope, with a bias toward

consolidation, automation ROI, and eliminating tool sprawl.

  • Represent Information Security at the executive and leadership level; translate complex technical

risk into business impact for the CISO

Cyber Defense (SOC \& Security Engineering)

  • Oversee and mature the Security Operations Center (SOC) and the Security Engineering

function that powers it, driving the transition from reactive monitoring to proactive detection

engineering and automated response.

  • Champion a detection\-as\-code philosophy, custom, high\-fidelity detections mapped to Zillow’s

specific threat model rather than out\-of\-the\-box vendor content.

  • Own the Incident Response program, ensuring rapid containment capability, strong forensics

practice, and a culture of blameless post\-incident review with systemic remediation.

  • Drive SOAR (Security Orchestration, Automation, and Response) adoption to reduce MTTR and

scale SOC capacity without proportional headcount growth.

  • Cultivate an offensive security mindset within the team; champion red team and adversarial

simulation exercises to proactively identify gaps before they are exploited.

Threat Intelligence

  • Build and operationalize a threat intelligence program that is actionable and deeply integrated

with the SOC, AppSec, and Architecture functions, not a standalone reporting exercise.

  • Ensure threat intelligence informs product risk decisions, detection priorities, and architectural

controls, connecting external threat landscape shifts directly to internal engineering roadmaps.

  • Develop relationships with industry threat\-sharing communities, law enforcement partners, and

peer organizations to ensure Zillow has early\-warning visibility on threats relevant to the real

estate and fintech ecosystem.

Application Security

  • Lead an AppSec organization that partners with product engineering rather than policing it—

building “paved road” security capabilities embedded in CI/CD pipelines, frameworks, and

developer tooling.

  • Drive a developer\-first security culture: create security enablement programs, secure coding

training, and internal tooling that make the secure path the easy path for Zillow’s engineers.

  • Ensure comprehensive coverage of Zillow’s application portfolio including secure design review,

DAST/SAST integration, dependency management, and API security.

  • Own product security strategy, ensuring that security is a design\-time consideration in new

product features, not an audit checkpoint at the end of the SDLC.

  • Build and maintain a vulnerability management program with clear SLAs, risk\-based prioritization,

and executive\-facing reporting.

ZILLOW GROUP CONFIDENTIAL — FOR INTERNAL USE

Information Security \| Sr. Director, Information Security \| M6 Page 3

Security Architecture

  • Lead the Security Architecture function to establish and maintain enterprise security patterns,

reference architectures, and guardrails for Zillow’s cloud\-native, AWS\-centric infrastructure.

  • Drive Zero Trust principles and identity\-driven access across the environment, working with

Platform Engineering to embed security patterns into infrastructure\-as\-code and platform

primitives.

  • Ensure security architecture is a proactive partner in platform and product design reviews,

providing clear, opinionated guidance that accelerates rather than slows engineering delivery.

  • Maintain a forward\-looking architecture posture: evaluate emerging threats and technology shifts

(e.g., AI/ML\-driven attack surfaces, cloud configuration risk) and evolve controls accordingly.

This role has been categorized as an Office position. “Office” employees regularly work at the Zillow India office for approximately 80 to 100 percent of their time each month. Employees must live within a reasonable commuting distance of the office. Zillow has not defined a reasonable distance, and expects employees will use judgment in determining this for themselves and understand the implications re: time commitment and cost of daily commute.

In addition to a competitive base pay, employees in this role are eligible for incentive compensation subject to applicable laws and relevant Zillow policies. Actual amounts will vary depending on experience, performance and location.

  • *Who you are**
  • --------------

12\+ years of progressive security experience, with at least 5 years in senior leadership roles

managing managers and multi\-functional security teams; prior experience in a high\-growth

consumer technology or fintech company is strongly preferred.

  • Roots in security engineering, software development, or platform engineering—you have built

things, not just governed them, and your technical instincts remain sharp enough to engage

credibly with principal engineers and architects.

  • Demonstrated experience owning multiple security domains simultaneously (e.g., SOC/detection,

AppSec, architecture) with the organizational maturity to drive excellence across each without

personally bottlenecking any of them.

  • Proven track record in Application Security leadership at scale—specifically, building AppSec

programs that integrate natively into SDLC, CI/CD, and developer workflows inside technology\-

forward organizations.

  • Deep expertise in multi cloud security (AWS preferred), including IaC security

(Terraform/CloudFormation), Kubernetes/container security, and Zero Trust architecture patterns.

  • Strong detection engineering mindset: experience moving a SOC from alert triage to custom

detection pipelines, SOAR automation, and threat\-model\-driven coverage.

  • Ability to quantify and communicate security risk in business and financial terms; experience

presenting to executive leadership and, ideally, board\-level audiences.

  • Talent magnet: a reputation for hiring and developing elite security engineers, with the technical

credibility to attract senior ICs who could work anywhere.

  • Familiarity with the modern security tooling ecosystem: SIEM, SOAR, DLP,EDR, EPM,

CSPM/CWPP ,SaST /DaST. IAC, and container security \- with the judgment to rationalize and

consolidate rather than accumulate.

  • Proficiency in at least one scripting or programming language (Python, Go, or similar); sufficient

to review automation, detection logic, and security tooling code written by your team.

  • *Get to know us**
  • -----------------

At Zillow, we’re reimagining how people move—through the real estate market and through their careers.

As the most\-visited real estate platform in the U.S., Zillow helps millions of customers navigate buying, selling, financing, and renting with greater ease and confidence. Our teams in India play a critical role in building and scaling the technology, products, and operations that power this experience.

Whether you’re working in tech, operations, or shared services, you’ll collaborate with global partners to solve meaningful problems and help more people make home a reality.

Zillow is honored to be recognized among the best workplaces in the U.S.. Zillow was named one of FORTUNE 100 Best Companies to Work For® in 2025, and included on the PEOPLE Companies That Care® 2025 list, reflecting our commitment to creating an innovative, inclusive, and engaging culture where employees are empowered to grow.

No matter where you sit in the organization, your work will help drive innovation, support our customers, and move the industry—and your career—forward, together.

  • Zillow Group is an equal opportunity employer committed to fostering an inclusive, innovative environment with the best employees. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, maternity status, HIV status, or veteran status. Reasonable accommodations will be provided to candidates with disabilities, in accordance with applicable policies.*

Similar Jobs

Browse all jobs

Job Overview

Job type
Full-time
Work mode
On-site
Location
Bengaluru
Posted
2d ago
Source
Indeed