Application Security Engineer

Opendoor

Quick summary

Work type: On-site
Location: Tempe, AZToronto, Canada
Posted: 8 days ago
Nearby: 99+ roles within 25 mi

Market check

Salary context

How this pay compares to similar roles

Similar $182k

$121k most similar roles pay here $231k

This listing doesn't post a salary. Most similar roles pay $147,437–$215,712.

Based on 240 similar postings.

Employer

About Opendoor

Opendoor is a digital real estate marketplace that buys and sells homes directly to consumers, simplifying the home selling and buying experience through instant offers and transparent pricing. Industry: Real Estate Technology & iBuying

Opendoor currently has 36 open roles on FindRole.

Listed pay typically runs $156,800–$335,000 across 8 roles with salary data.

Most-posted roles

View all roles at Opendoor

At a glance

TL;DR · Application Security Engineer

Apply Now Log in to save

As an Application Security Engineer at Opendoor in Toronto, you will be responsible for ensuring the security of all products and services, from consumer-facing applications to internal tools and GraphQL APIs. Your daily tasks include identifying and fixing application vulnerabilities, evolving AppSec tooling such as SAST/DAST and secrets scanning, and integrating these into developer workflows. You will also lead threat modeling sessions, mentor engineers on secure design, and establish offensive security capabilities through pentesting and adversarial analysis. The role requires expertise in languages like Go, Python, TypeScript, Ruby, and Terraform, along with experience in cloud platforms such as AWS and Kubernetes. Ideal candidates have a strong grasp of application vulnerability classes and practical threat modeling skills, enabling them to drive secure development practices across the organization.

Skills

Go Python TypeScript Ruby Terraform AWS Kubernetes GitHub Advanced Security Semgrep HackerOne Burp Suite Cloudflare WAF CI/CD GraphQL REST gRPC OAuth IAM Secrets Management Threat Modeling OWASP Top 10 OWASP API Security Top 10

What you'll do

Identify and resolve application vulnerabilities across consumer products, internal tools, and APIs.
Develop and maintain AppSec tooling stack including SAST/DAST, SCA, and secrets scanning.
Manage HackerOne program by triaging reports, validating exploits, and routing fixes to teams.
Conduct threat modeling and security design reviews for new services and APIs.
Build AI agents and automated workflows to replace manual security review processes.
Mentor engineers on secure design, code review, and attacker mindset practices.

What we're looking for

5+ years of application security or software engineering experience with a focus on security.
Proficiency in at least one language from Python, Go, TypeScript, Ruby; ability to read/write code across multiple languages.
Hands-on expertise with SAST/DAST/SCA tools and real deployment experience using GitHub Advanced Security or Semgrep.
Strong understanding of common application vulnerabilities including OWASP Top 10 and API security pitfalls.
Practical threat modeling skills and experience with cloud and container security on AWS and Kubernetes.
Experience running a bug bounty program, securing AI pipelines, and mobile app reviews is beneficial.

Save