Application Security Engineer

Opendoor

Quick summary

Work type: On-site
Location: Seattle, WA
Posted: 7 days ago
Nearby: 99+ roles within 25 mi

Market check

Salary context

How this pay compares to similar roles

Similar $181k

$121k most similar roles pay here $231k

This listing doesn't post a salary. Most similar roles pay $146,975–$215,712.

Based on 240 similar postings.

Employer

About Opendoor

Opendoor is a digital real estate marketplace that buys and sells homes directly to consumers, simplifying the home selling and buying experience through instant offers and transparent pricing. Industry: Real Estate Technology & iBuying

Opendoor currently has 36 open roles on FindRole.

Listed pay typically runs $156,800–$335,000 across 8 roles with salary data.

Most-posted roles

View all roles at Opendoor

At a glance

TL;DR · Application Security Engineer

Apply Now Log in to save

As an Application Security Engineer at Opendoor in Seattle, you will be responsible for ensuring the security of all applications and services across consumer products, internal tools, and GraphQL APIs. You will own and evolve AppSec tooling, integrate findings into developer workflows, manage the HackerOne program, lead threat modeling, and build AI agents to automate vulnerability triage and remediation. Key technologies include Go, Python, TypeScript, Ruby, Terraform, AWS, GCP, Azure, Kubernetes/EKS, GitHub Advanced Security, Semgrep, Burp Suite, Cloudflare WAF, and various AI tools. You should have 5+ years of application security or software engineering experience with hands-on expertise in SAST/DAST/SCA tools, cloud and container security, and a strong understanding of common vulnerability classes. Bonus points for offensive security experience and running bug bounty programs.

Skills

Go Python TypeScript Ruby Terraform AWS Kubernetes GitHub Advanced Security Semgrep HackerOne Burp Suite Cloudflare WAF GraphQL REST gRPC CI/CD IAM secrets management threat modeling OWASP Top 10 OWASP API Security Top 10

What you'll do

Identify and resolve application vulnerabilities across consumer products, internal tools, and APIs.
Develop and maintain AppSec tooling stack including SAST/DAST, SCA, and secrets scanning.
Manage HackerOne program by triaging reports, validating exploits, and routing fixes to teams.
Conduct threat modeling and security design reviews for new services and APIs.
Build AI agents and automated workflows to triage vulnerability reports and draft remediation PRs.

What we're looking for

5+ years of application security or software engineering experience with a focus on security.
Proficiency in at least one language from Python, Go, TypeScript, Ruby; ability to read/write code across multiple languages.
Hands-on expertise with SAST/DAST/SCA tools and real deployment experience using GitHub Advanced Security or equivalent.
Strong understanding of common application vulnerabilities including OWASP Top 10 and API security pitfalls.
Practical threat modeling skills to identify critical risks from architecture diagrams and discussions.
Experience in cloud and container security on AWS and Kubernetes, including IAM, secrets management, and CI/CD pipeline security.

Save