Staff Application Security Engineer

About Opendoor

Founded in 2014, Opendoor's mission is to empower everyone with the freedom to move. We believe the traditional real estate process is broken and our goal is simple: build a digital, end-to-end customer experience that makes buying and selling a home simple, certain and fast. We have assembled a dedicated team with diverse backgrounds to support more than 100,000 homes bought and sold with us and the customers who have selected Opendoor as a trusted partner in handling one of their largest financial transactions. But the work is far from over as we continue to grow in new markets. Transforming the real estate industry takes tenacity and dedication. It takes problem solvers and builders. It takes a tight knit community of teammates doing the best work of their lives, pushing one another to transform a complicated process into a simple one. So where do you fit in? Whether you're passionate about real estate, people, numbers, words, code, or strategy - we have a place for you. Real estate is broken. Come help us fix it.

About the Team

The Security Operations team at Opendoor focuses on identifying and protecting assets, detecting anomalies and attacks, responding to compromise, and recovering from asset compromise in order to return the business to a steady state. The scope of the Security Operations team includes Application Security, Detection Operations, Incident Response, Infrastructure Security, Penetration Testing, Vulnerability Management, and Threat Intelligence. 

The Application Security Engineer will drive a 'Shift-Left' security approach by integrating automated security tooling into developer workflows and CI/CD pipelines, ensuring early detection and mitigation of vulnerabilities throughout the SDLC. You will work closely with product and development teams to ensure secure systems and applications. You will identify security improvement areas and drive high-impact security initiatives. This role involves educating engineers on security practices, conducting threat modeling, design reviews, code reviews, and addressing application security vulnerabilities.

Here’s what you’ll be up to:

• Champion security design across application code and cloud infrastructure
• Implement and manage SAST, DAST and IAST tools for automated security testing.
• Evaluate and deploy security scanning tools (e.g., Snyk, Semgrep, GitHub Advanced Security, CodeQL).
• Provide architectural guidance and mentorship to up-level the security engineering organization.
• Identify and prioritize risks, attack surfaces, and vulnerabilities
• Perform security code reviews and advise developers on remediating vulnerabilities and following secure coding practices.
• Conduct research to identify new attack vectors
• Automated cloud security assessment and policy enforcement
• Educate engineers about common security issues
• Collaborate with teams to embed security throughout the software lifecycle
• Triaging vulnerabilities and tracking issues to resolution
• Manage the bug bounty program

We’re looking for someone who has:

• Bachelor's degree in Computer Science, Information Security, or a related field
• 7+ years of experience in application security
• Foundational knowledge of operating system security for Linux and of the CWE Top 25
• Ability to communicate effectively with technical and non-technical audiences
• Experience in risk assessment, threat modeling, code reviews, incident response, and vulnerability management.
• Strong programming/scripting skills in Python, Golang, Ruby or similar languages.

Bonus If You Have

• An understanding of the value of usability and buy-in when it comes to security policy and practices
• A love of instrumentation and automation
• Knowledge of supply chain security (SBOM, sigstore, in-toto).
• Love for security at work and outside of work. As shown by: presenting at a known security conference, contributing to or creating open source security tools, contributing to the security community in general, etc.

Here’s the Deal:

• Work in the city center in a fun, non-corporate environment
• Competitive compensation package that includes - a monthly base salary from 28k PLN to 36k PLN, plus RSUs and annual bonus
• Choose the contract type that suits you best (employment or B2B)
• Enjoy 26 days of paid holiday on a B2B contract
• Private medical healthcare
• MultiKafeteria perks for sports, movies, and shopping vouchers