Application Security Engineer

Responsibilities

• Find and fix application vulnerabilities across consumer products, internal admin tools, and GraphQL APIs.
• Own and evolve the AppSec tooling stack, including SAST, DAST, SCA, and secrets scanning.
• Manage the HackerOne program by triaging reports, validating exploits, and routing fixes.
• Lead threat modeling and security design reviews for new services, APIs, and mobile features.
• Build AI agents and automated workflows to triage vulnerability reports and draft remediation PRs.
• Partner with engineering teams to harden authentication, authorization, and input validation.
• Develop offensive security capabilities, including internal pentesting and red team exercises.
• Mentor engineers in secure design, code review, and adversarial thinking.

Requirements

• 5+ years of application security or software engineering experience with a security focus.
• Proficiency in at least one of the following: Python, Go, TypeScript, or Ruby.
• Hands-on expertise with SAST/DAST/SCA toolchains (e.g., GitHub Advanced Security, Semgrep).
• Strong understanding of OWASP Top 10 and OWASP API Security Top 10.
• Experience with cloud and container security on AWS and Kubernetes (EKS).
• Practical threat modeling skills and experience with API security (GraphQL, REST, gRPC).

Preferred Qualifications

• Offensive security experience, such as web/mobile pentesting or red team operations.
• Experience running bug bounty or coordinated disclosure programs at scale.
• Experience securing AI/ML pipelines, agent frameworks, or MCP-style integrations.
• Relevant offensive security certifications like OSCP or OSWE.

About the Company

Opendoor is building the most trusted housing platform to make online home buying and selling radically simple. By combining proprietary data with the power of artificial intelligence, we are setting a new standard for how people move and build wealth through homeownership.