Application Security Engineer

Responsibilities

• Find and fix application vulnerabilities across consumer products, internal admin tools, and GraphQL APIs.
• Own and evolve the AppSec tooling stack, including SAST, DAST, SCA, and secrets scanning.
• Manage the HackerOne program by triaging reports, validating exploits, and routing fixes to engineering teams.
• Lead threat modeling and security design reviews for new services, APIs, and mobile features.
• Build AI agents and automated workflows to automate vulnerability triage and remediation drafting.
• Partner with engineering teams to harden authentication, authorization, and input validation across various services.
• Develop offensive security capabilities, including internal pentesting and red team exercises.
• Mentor engineers in secure design, code review, and adversarial thinking.

Requirements

• 5+ years of application security or software engineering experience with a security focus.
• Proficiency in at least one of the following languages: Python, Go, TypeScript, or Ruby.
• Hands-on expertise with SAST/DAST/SCA toolchains (e.g., GitHub Advanced Security, Semgrep).
• Strong understanding of OWASP Top 10 and OWASP API Security Top 10.
• Experience with cloud and container security, specifically AWS and Kubernetes (EKS).
• Practical threat modeling skills and experience with API security (GraphQL, REST, gRPC).

Preferred Qualifications

• Offensive security experience, such as web/mobile pentesting or red team operations.
• Experience running bug bounty or coordinated disclosure programs at scale.
• Experience securing AI/ML pipelines, agent frameworks, or MCP-style integrations.
• Relevant offensive security certifications like OSCP or OSWE.

About the Company

Opendoor is building the modern system of homeownership, providing an end-to-end online experience that makes buying and selling homes radically simple. By combining proprietary data with the power of artificial intelligence, we are setting a new standard for how people move.