.ZillowThe leading real estate marketplace. Search millions of for-sale and rental listings, compare Zestimate home values and connect with local professionals.About the teamJoin our team as a versatile and hardworking Senior Cloud Security Engineer. This role presents an excellent opportunity to contribute to the security and reliability of our cloud infrastructure and web applications. Your responsibilities will include implementing outstanding security measures, adhering to standard processes in secure code development, and optimizing the performance and scalability of our applications. Collaborate with development, operations, and security teams to successfully deploy solutions that safeguard our systems from threats and vulnerabilities.About the roleOur team plays a crucial role in Zillow's security operations, responsible for protecting critical perimeter defense systems, including anti-bot technologies and AWS Shield. We coordinate the secure configuration of a wide range of web products, guaranteeing flawless performance and strong defense. Our goal is to strengthen the security of the CI/CD pipeline, finding the right balance between agility and resilience in a constantly changing tech environment. We value positive, collaborative relationships with collaborators, incorporating their input into our security standard methodologies to improve operational efficiency.This role has been categorized as a teleworker position. Teleworkers do not have a permanent corporate office workplace and, instead, work from a physical location of their choice which must be identified to the Company. Employees may live in any part of Mexico, but preferably in Mexico City, as we would encourage attendance for occasional in-office events.In addition to a competitive base salary and benefits, this position is also eligible for equity awards based on factors such as experience, performance, and location.Who you areStrong understanding of AWS architecture and services, with hands-on experience in AWS WAF, Shield, CloudFront, IAM, VPC, GuardDuty, Kinesis, Cloud Trail, Security Hub, KMS, Athena, Lambda, Step Functions, etc.Proficient developer skills in Python, Java, Golang, and Bash, with experience writing and running SQL queries.Expertise in IaC using Terraform and AWS CloudFormation.Practical experience with bot detection and mitigation technologies, web security standard methodologies (SSL/TLS, HTTP security headers), and CDN/DNS security.Deep knowledge of the OWASP Top 10 vulnerabilities and experience mitigating threats like SQL injection, XSS, CSRF, and others.Proven experience securing CI/CD pipelines, integrating security testing tools, and managing secret management solutions.Strong experience with containerization orchestration tools (AWS ECR, Kubernetes, Docker, GKE or equivalent experience) and managing secure containerized environments