Application Security Engineer

Opendoor

Quick summary

Work type: On-site
Location: Tempe, AZMiami, FL
Posted: 7 days ago
Nearby: 99+ roles within 25 mi

Market check

Salary context

How this pay compares to similar roles

Similar $181k

$121k most similar roles pay here $231k

This listing doesn't post a salary. Most similar roles pay $146,975–$215,712.

Based on 240 similar postings.

Employer

About Opendoor

Opendoor is a digital real estate marketplace that buys and sells homes directly to consumers, simplifying the home selling and buying experience through instant offers and transparent pricing. Industry: Real Estate Technology & iBuying

Opendoor currently has 36 open roles on FindRole.

Listed pay typically runs $156,800–$335,000 across 8 roles with salary data.

Most-posted roles

View all roles at Opendoor

At a glance

TL;DR · Application Security Engineer

Apply Now Log in to save

As an Application Security Engineer at Opendoor in Miami, you will be responsible for ensuring the security of all consumer products and internal tools by identifying and fixing application vulnerabilities. You will own and evolve AppSec tooling such as SAST/DAST, SCA, and secrets scanning, integrating findings into developer workflows using platforms like GitHub Advanced Security and Semgrep. Additionally, you will lead threat modeling and security design reviews for new services, run the HackerOne program to triage and validate vulnerabilities, and build AI agents to automate vulnerability triage and remediation. You must have hands-on experience with application security tools and a strong understanding of common vulnerability classes, particularly in GraphQL and REST APIs. Proficiency in languages like Go, Python, TypeScript, or Ruby is essential, along with expertise in cloud and container security on AWS and Kubernetes.

Skills

Go Python TypeScript Ruby Terraform AWS Kubernetes GitHub Advanced Security Semgrep HackerOne Burp Suite Cloudflare WAF GraphQL REST gRPC CI/CD IAM secrets management threat modeling OWASP Top 10 OWASP API Security Top 10

What you'll do

Identify and remediate application vulnerabilities across consumer products and APIs.
Develop and maintain AppSec tooling stack including SAST/DAST, SCA, and secrets scanning.
Manage HackerOne program by triaging reports, validating exploits, and routing fixes.
Conduct threat modeling and security design reviews for new services and APIs.
Build AI agents to automate vulnerability report triage and exploit validation processes.
Mentor engineers on secure coding practices and shift-left security strategies.

What we're looking for

5+ years of application security or software engineering experience with a focus on security.
Proficiency in at least one language from Python, Go, TypeScript, Ruby; ability to read and write code across multiple languages.
Hands-on expertise with SAST/DAST/SCA tools like GitHub Advanced Security and Semgrep.
Strong understanding of common application vulnerabilities including OWASP Top 10 and API security issues.
Practical threat modeling skills for identifying critical risks in architecture designs.
Experience with cloud and container security on AWS and Kubernetes, including IAM and secrets management.

Save