Application Security Engineer

Opendoor

Hybrid

Quick summary

Work type: Hybrid
Location: Toronto, Canada
Posted: 3 days ago
Nearby: 88 roles within 25 mi

Market check

Salary context

How this pay compares to similar roles

Similar $180k

$120k most similar roles pay here $231k

This listing doesn't post a salary. Most similar roles pay $145,075–$214,850.

Based on 240 similar postings.

Employer

About Opendoor

Opendoor is a digital real estate marketplace that buys and sells homes directly to consumers, simplifying the home selling and buying experience through instant offers and transparent pricing. Industry: Real Estate Technology & iBuying

Opendoor currently has 50 open roles on FindRole.

Listed pay typically runs $156,800–$335,000 across 8 roles with salary data.

Most-posted roles

View all roles at Opendoor

At a glance

TL;DR · Application Security Engineer

Apply Now Log in to save

As an Application Security Engineer at Opendoor in Toronto, you will lead the identification and mitigation of application-layer risks across consumer flows, GraphQL APIs, and AI tools. Your responsibilities include defining and operating vulnerability detection capabilities, assessing and integrating AppSec tooling into developer workflows, maturing the HackerOne program, conducting threat modeling and security design reviews, and building automated workflows for triaging vulnerabilities. You will also enhance authentication and authorization in production services, drive a shift-left strategy to catch issues early, and build Opendoor’s offensive security capability through internal testing and adversarial analysis. The role requires expertise in Python, Go, TypeScript, or Ruby, along with hands-on experience with GitHub Advanced Security, Semgrep, AWS, Kubernetes, Apollo GraphQL, and various AI tooling frameworks.

Skills

Go Python TypeScript Ruby Terraform AWS Kubernetes Apollo GraphQL GitHub Advanced Security Semgrep HackerOne Burp Suite Cloudflare WAF Claude OpenAI MCP CI/CD GraphQL REST gRPC

What you'll do

Define and operate tools for identifying application vulnerabilities across consumer products and APIs.
Assess and integrate AppSec tooling into developer workflows on platforms like GitHub and Slack.
Own and improve the HackerOne program, enhancing triage workflow and researcher relationships.
Lead threat modeling and security design reviews for new services and APIs to prevent common mistakes.
Build AI agents and automated workflows to triage vulnerabilities and draft remediation pull requests.

What we're looking for

5+ years of application security or software engineering experience with a focus on security.
Proficiency in at least one language from Python, Go, TypeScript, Ruby and ability to read/write code across others.
Hands-on expertise deploying GitHub Advanced Security, Semgrep, or equivalent tools for risk detection.
Strong understanding of common application/API vulnerabilities including GraphQL, REST, gRPC security issues.
Experience with cloud (AWS) and container (Kubernetes) security, including IAM, secrets management, CI/CD pipeline security.
Practical threat modeling skills to identify critical risks from architecture diagrams and brief discussions.

Similar roles

Software Engineer

Cisco

San Jose, CA 130 days ago $165,000–$277,600

SONiC-NOS Wireshark Python C++ Linux GDB IXIA Spirent High Speed Serdes MAC ports PRBS ANLT analyzers L2 switching networking protocols Cisco Silicon One

Save