Application Security Engineer

Opendoor

Hybrid

Quick summary

Work type: Hybrid
Location: Miami, FL
Posted: 3 days ago
Nearby: 99+ roles within 25 mi

Market check

Salary context

How this pay compares to similar roles

Similar $180k

$120k most similar roles pay here $231k

This listing doesn't post a salary. Most similar roles pay $145,075–$214,850.

Based on 240 similar postings.

Employer

About Opendoor

Opendoor is a digital real estate marketplace that buys and sells homes directly to consumers, simplifying the home selling and buying experience through instant offers and transparent pricing. Industry: Real Estate Technology & iBuying

Opendoor currently has 50 open roles on FindRole.

Listed pay typically runs $156,800–$335,000 across 8 roles with salary data.

Most-posted roles

View all roles at Opendoor

At a glance

TL;DR · Application Security Engineer

Apply Now Log in to save

As an Application Security Engineer at Opendoor, you will lead the identification and mitigation of application-layer risks across consumer flows, GraphQL APIs, and AI-driven tools. Your responsibilities include defining and operating vulnerability detection capabilities, assessing and integrating AppSec tooling into developer workflows, and maturing the HackerOne program to enhance security posture. You will also conduct threat modeling, design reviews, and build automated workflows for triaging vulnerabilities using AI agents. Additionally, you will harden authentication and authorization across various platforms while fostering a strong security culture within engineering teams. The role requires expertise in Go, Python, TypeScript, Ruby, Terraform, and experience with cloud services like AWS, GCP, Azure, Kubernetes, and Apollo GraphQL. You must have hands-on skills in application security tools such as GitHub Advanced Security, Semgrep, and HackerOne, along with a deep understanding of common vulnerability classes and practical threat modeling techniques.

Skills

Go Python TypeScript Ruby Terraform AWS Kubernetes Apollo GraphQL GitHub Advanced Security Semgrep HackerOne Burp Suite Cloudflare WAF CI/CD GraphQL REST gRPC OAuth JWT Docker Linux SQL PostgreSQL Redis MongoDB JSON Web Tokens OAuth 2.0 OpenID Connect Kerberos SAML LDAP ZAP OWASP Top Ten Threat Modeling Cloud Security Secrets Management Mobile Application Security AI Security

What you'll do

Define and operate tools for identifying application vulnerabilities across consumer products and APIs.
Assess and integrate AppSec tooling into developer workflows on platforms like GitHub and Slack.
Own and improve the HackerOne program, enhancing triage workflow and researcher relationships.
Lead threat modeling and security design reviews for new services and APIs to prevent common mistakes.
Build AI agents and automated workflows to triage vulnerabilities and draft remediation pull requests.

What we're looking for

5+ years of application security or software engineering experience with a focus on security.
Proficiency in at least one language from Python, Go, TypeScript, Ruby and ability to work across others.
Hands-on expertise deploying GitHub Advanced Security, Semgrep, or equivalent tools.
Strong understanding of common application vulnerabilities including GraphQL, REST, gRPC security issues.
Experience with cloud (AWS) and container (Kubernetes) security, IAM, secrets management, CI/CD pipeline security.
Practical threat modeling skills to identify critical risks from architecture diagrams and brief discussions.

Similar roles

Software Engineer

Cisco

San Jose, CA 130 days ago $165,000–$277,600

SONiC-NOS Wireshark Python C++ Linux GDB IXIA Spirent High Speed Serdes MAC ports PRBS ANLT analyzers L2 switching networking protocols Cisco Silicon One

Save