Application Security Engineer
Opendoor
About Opendoor At Opendoor our mission is to tilt the world in favor of homeowners and those who aim to become one. Homeownership matters. It's how people build wealth, stability, and community. It's how families put down roots, how neighborhoods strengthen, how the future gets built. We're building the modern system of homeownership giving people the freedom to buy and sell on their own terms. We've built an end-to-end online experience that has already helped thousands of people and we're just getting started. About The Role Our Security Engineering team builds intelligent systems that protect Opendoor and our customers while enabling unprecedented engineering velocity. We apply software engineering and AI to solve security problems across product, infrastructure, and operations by building guardrails where they matter, not gates where they don't. As our Application Security Engineer, you'll own how we find, prioritize, and drive down application-layer risk across the consumer flows that put cash offers in homeowners' hands, the GraphQL APIs that power our products, and the AI agents and vibe-coded tools our engineers ship every week. The job is to make it safe to build fast, not to slow things down.
What You'll Do
• Define, build and operate Opendoor's application vulnerability identification capability - the tooling, triage workflow and remediation techniques across our consumer products, internal admin tools and GraphQL API powering home acquisition, resale, mortgage, title and escrow.
• Assess, rationalize and own our AppSec tooling stack - static and dynamic security testing, software supply chain risk detection and secrets scanning and integrate findings into developer workflows where engineers already live (GitHub, Linear, Slack).
• Own and mature our HackerOne program: tightening the triage workflow, improving signal to noise on incoming reports, strengthening researcher relationships and closing the loop with engineering teams so root causes get addressed quickly.
• Lead threat modeling and security design reviews for new services, APIs, and mobile features. Turn the patterns you see into rules, lint checks, and CI guardrails so the next team doesn't make the same mistake.
• Build AI agents and automated workflows that triage vulnerability reports, validate exploit reproductions, and draft remediation pull requests, replacing manual security review with high-signal automation.
• Partner with engineering teams to harden authentication, authorization, and input validation across our codebase and production services, including the GraphQL gateway (Apollo) and our Kubernetes workloads - while driving a shift-left strategy that catches vulnerabilities before they ship.
• Build Opendoor's offensive security capability. Scope and run internal security testing, red team exercises and adversarial analysis of our highest-risk flows ensuring findings directly harden detection and response.
• Set the bar for what "secure by default" looks like for AI-maximalist engineering, including vibe-coded apps, MCP servers, and agent-driven workflows that touch production data.
• Build Opendoor's security culture by establishing secure design standards, embedding into engineering team rituals and developing a strong security mindset - creating a foundation for engineers to think like attackers without slowing down.
Tech Stack
• Languages: Go, Python, TypeScript, Ruby, Terraform
• Cloud: AWS, GCP, Azure, Kubernetes, Apollo GraphQL
• AppSec Tooling: GitHub Advanced Security (CodeQL, Dependabot, secret scanning), Semgrep, HackerOne, Burp Suite, Cloudflare WAF
• AI Tooling: Claude, OpenAI, various agent frameworks, MCP - used heavily for vulnerability triage, exploit verification, and remediation drafting What You'll Need
• Deep conviction that AI and automation should eliminate manual work and increase the team's impact, and a track record to prove it. You've built agentic systems that replaced reactive security work, not just configured off-the-shelf tools.
• Comfort operating with high autonomy in ambiguous environments. You've defined what "good" looks like in a domain where no playbook existed, you're energized by that, not unsettled by it.
• Business enablement security mindset. You measure success by business impact and informed risk-taking, not by tickets opened or pen test reports filed.
• 5+ years of application security or software engineering experience with a security focus, with strong skills in at least one of Python, Go, TypeScript, or Ruby, and the ability to read and write code across the others.
• Hands-on expertise across the security risk detection toolchain with real deployment experience using GitHub Advanced Security, Semgrep, or equivalent.
• Strong grasp of common application and API vulnerability classes including GraphQL, REST, and gRPC security pitfalls - broken authorization, mass assignment, introspection exposure, insecure direct object references.
• Practical threat modeling skills. You can take an architecture diagram and a 30-minute conversation and walk out with the three things that actually matter.
• Experience with cloud and container security on AWS and Kubernetes, including identity and access management, secrets management, and continuous integration / continuous deployment pipeline security.
• Humility and genuine curiosity. You're as excited to learn from product engineers and enable their work as you are to break things. Bonus Points
• Offensive security experience including pentesting, API security, or mobile security, and/or red team operations.
• Experience running a bug bounty or coordinated disclosure program at scale.
• Mobile application security review experience (iOS and Android).
• Experience securing AI and machine learning pipelines, agent frameworks, or MCP-style integrations.
• OSCP, OSWE, or similar offensive certifications. Location This role is based in our downtown Miami office, in-person four days per week (Monday, Tuesday, Thursday, Friday). Candidates must be based within commuting distance of the office.
What You'll Do
• Define, build and operate Opendoor's application vulnerability identification capability - the tooling, triage workflow and remediation techniques across our consumer products, internal admin tools and GraphQL API powering home acquisition, resale, mortgage, title and escrow.
• Assess, rationalize and own our AppSec tooling stack - static and dynamic security testing, software supply chain risk detection and secrets scanning and integrate findings into developer workflows where engineers already live (GitHub, Linear, Slack).
• Own and mature our HackerOne program: tightening the triage workflow, improving signal to noise on incoming reports, strengthening researcher relationships and closing the loop with engineering teams so root causes get addressed quickly.
• Lead threat modeling and security design reviews for new services, APIs, and mobile features. Turn the patterns you see into rules, lint checks, and CI guardrails so the next team doesn't make the same mistake.
• Build AI agents and automated workflows that triage vulnerability reports, validate exploit reproductions, and draft remediation pull requests, replacing manual security review with high-signal automation.
• Partner with engineering teams to harden authentication, authorization, and input validation across our codebase and production services, including the GraphQL gateway (Apollo) and our Kubernetes workloads - while driving a shift-left strategy that catches vulnerabilities before they ship.
• Build Opendoor's offensive security capability. Scope and run internal security testing, red team exercises and adversarial analysis of our highest-risk flows ensuring findings directly harden detection and response.
• Set the bar for what "secure by default" looks like for AI-maximalist engineering, including vibe-coded apps, MCP servers, and agent-driven workflows that touch production data.
• Build Opendoor's security culture by establishing secure design standards, embedding into engineering team rituals and developing a strong security mindset - creating a foundation for engineers to think like attackers without slowing down.
Tech Stack
• Languages: Go, Python, TypeScript, Ruby, Terraform
• Cloud: AWS, GCP, Azure, Kubernetes, Apollo GraphQL
• AppSec Tooling: GitHub Advanced Security (CodeQL, Dependabot, secret scanning), Semgrep, HackerOne, Burp Suite, Cloudflare WAF
• AI Tooling: Claude, OpenAI, various agent frameworks, MCP - used heavily for vulnerability triage, exploit verification, and remediation drafting What You'll Need
• Deep conviction that AI and automation should eliminate manual work and increase the team's impact, and a track record to prove it. You've built agentic systems that replaced reactive security work, not just configured off-the-shelf tools.
• Comfort operating with high autonomy in ambiguous environments. You've defined what "good" looks like in a domain where no playbook existed, you're energized by that, not unsettled by it.
• Business enablement security mindset. You measure success by business impact and informed risk-taking, not by tickets opened or pen test reports filed.
• 5+ years of application security or software engineering experience with a security focus, with strong skills in at least one of Python, Go, TypeScript, or Ruby, and the ability to read and write code across the others.
• Hands-on expertise across the security risk detection toolchain with real deployment experience using GitHub Advanced Security, Semgrep, or equivalent.
• Strong grasp of common application and API vulnerability classes including GraphQL, REST, and gRPC security pitfalls - broken authorization, mass assignment, introspection exposure, insecure direct object references.
• Practical threat modeling skills. You can take an architecture diagram and a 30-minute conversation and walk out with the three things that actually matter.
• Experience with cloud and container security on AWS and Kubernetes, including identity and access management, secrets management, and continuous integration / continuous deployment pipeline security.
• Humility and genuine curiosity. You're as excited to learn from product engineers and enable their work as you are to break things. Bonus Points
• Offensive security experience including pentesting, API security, or mobile security, and/or red team operations.
• Experience running a bug bounty or coordinated disclosure program at scale.
• Mobile application security review experience (iOS and Android).
• Experience securing AI and machine learning pipelines, agent frameworks, or MCP-style integrations.
• OSCP, OSWE, or similar offensive certifications. Location This role is based in our downtown Miami office, in-person four days per week (Monday, Tuesday, Thursday, Friday). Candidates must be based within commuting distance of the office.
Vacancy posted 5 days ago
Similar jobs that could be interesting for youBased on the Application Security Engineer in Miami, FL vacancy
$110k
...Application Security Engineer We seek a highly motivated and experienced Application Security Engineer to join our growing security team. This role is highly technical and candidates must possess a solid understanding of the security and privacy of our company's applications...SuggestedFull time$140k - $200k
..., offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions... ...greater scale, reach, and impact. Department Application Security Role Senior Application Security Engineer As a Senior Application Security Engineer on the...SuggestedWork at officeRemote workFlexible hours- Dormont Manufacturing Co in Miami, Florida, is seeking a Senior E-Discovery Application Administrator II. Responsibilities include developing and maintaining litigation support applications. The ideal candidate will have substantial programming experience and a degree in...Suggested
- ...support. The ideal candidate will possess substantial programming experience and is responsible for developing and maintaining applications used in litigation. Strong communication skills and a relevant degree are required. The role offers a collaborative environment...SuggestedFull time
- Dormont Manufacturing Co is looking for an E-Discovery Application Administrator II in Miami, Florida. This full-time position involves providing IT legal support services and independently developing, modifying, and maintaining complex programs for litigation applications...SuggestedFull time
- Intune / Application Packaging Engineer Start date & Location Miami office (5 days onsite) Required Qualifications 5+ years of experience in application packaging and software deployment. 3+ years of hands‑on experience with Microsoft Intune . Experience creating and deploying...Work at office
- We are looking for a strong & enthusiastic Support Engineer to join our high performing Fixed Income Trading Application Support Team. The role is focused on Level 1+ (Portfolio Manager/Trading) support of Millennium’s Rates, Credit, Mortgages, Commodities and FX trading...
$50k - $60k
*Job Seekers can review the Job Applicant Privacy Policy by clicking .***Summary**The Application Support Engineer I combines hands-on application support with engineering... ...including engineering, data, automation, and security-focused positions.**Essential Functions***...Full timeInternship- Ryder System, Inc. is seeking an Entry-Level Application Support Engineer I in Miami, Florida. In this role, you will provide hands-on application support, resolve production issues, and gain exposure to cutting-edge technologies. This position is part of Ryder's Technology...
- Accenture is seeking a Mainframe Application Programmer in Miami, Florida, to support and enhance critical applications using technologies like CICS, COBOL, and Db2. You will be key in ensuring application stability and compliance while providing L2/L3 production support...
$91.17k - $130.24k
...people to join our team. The ServiceNow Engineer is responsible for the configuration,... ...COTS) and Software-as-a-Service (SaaS) applications that power ChenMed’s clinical and business... ...to enhance solution scalability, security, and maintainability. Identifies opportunities...Hourly payFull timeWork at officeFlexible hoursWeekend workAfternoon shift$90.99k - $147.85k
Overview Sr. Applications Engineer - Electrical Pioneer the next generation of innovation. Join us and you’ll develop your skills and expertise to the very highest levels, working in an international environment for a company known the world over for its brilliance. Position...Contract workWorldwideWork visaFlexible hours$90.99k - $147.85k
Rolls-Royce Power Systems in Miami is seeking a Sr. Applications Engineer - Electrical to innovate within the power generation sector. This role involves managing project designs, interacting with clients, and ensuring compliance with engineering standards and codes. Candidates...$250k
...Job Description Job Description Sr. Applications Support Engineer |Cardone Training Technologies, Inc. (CTTI) — part of Cardone Enterprises... ...runs CTTI. You keep 300+ people productive, their identities secure, and their Macs compliant. When something breaks, you fix...Full timeContract workWork experience placementLocal areaWorldwideMonday to Friday- ...About Iru Iru is the AI-powered security & IT platform used by the world's fastest... ...and highly technical Security Automation Engineer to help shape the future of security... ...LLMs), AI agents, and AI-enabled business applications. ~ Experience implementing automation...Full timeWork at office3 days per week
- Hopper is looking for a Senior Security Engineer in Miami, Florida, to lead security initiatives. You’ll build tools and processes to integrate... ...and AI. The ideal candidate has extensive experience in application security and cloud infrastructure. The role offers...
- Restaurant Brands International is looking for a Lead Automation Engineer in Miami, FL. This role involves leading the design and automation of security processes across the cybersecurity ecosystem. Candidates should have over 3 years of experience in DevSecOps, strong...
- SwiftCruit is hiring a full-time AI Security Engineer Specialist to work at the University of Miami Health System's IT Department. This role is integral to the Security Operations Center, focusing on designing and optimizing AI-driven workflows to enhance security operations...Full time
$120k - $150k
Saragossa in Miami is seeking a Cyber Security Engineer in a hybrid role with a salary range of $120K-$150K. In this position, you'll build and enhance security systems across teams including Security Engineering and Threat Intelligence. The role focuses on cloud security...$165k - $175k
...Overview The IT Security Team is looking for a seasoned professional to support a passionate, innovative, and results driven team. The Senior Security Operations Center (SOC) Cloud Engineer is responsible for monitoring, detecting, and responding to threats in AWS and...Hourly payWork experience placementLocal areaRemote workNight shift- ...Title : Network Security Engineer Location : Miami, FL Hybrid Need local 12+ Months Contract Job Description - Specialization... ...with technical profiles such as Miguel Gallego, if applicable to the project # Added Value of the Profile...Contract workLocal areaRemote work
- Humana is seeking a Senior Offensive Security Engineer, AI-Driven Red Team & Tooling, to build and operate agentic tooling for offensive engagements and to validate guardrails in AI systems. You’ll lead end-to-end pentests, purple-team exercises, and red-team operations...
- We are seeking a Lead Roadway Design Engineer to support our Florida Transportation Team at the Miami, FL office. Summary Work with... ...training on assigned tasks. Adhere to WSP’s Code of Conduct and applicable policies. Perform additional responsibilities as required....Work at officeLocal areaFlexible hours
$90k - $140k
...competitive edge. Job Description As a Software Engineer for Alternative Asset Management... ...elegant engineering solutions. Internal applications are built using a highly scalable... ...technologies and services to build scalable and secure applications Build, support, and...Local area- WSP USA is seeking a Lead Roadway Design Engineer to join the Florida Transportation Team in Miami, focusing on roads, bridges, drainage, and ITS on state and municipal FDOT projects. You will lead design efforts, mentor staff, and collaborate on long-range plans with...
- Lead Roadway Design Engineer - Florida Transportation Team Qualified Lead Roadway Design Engineer needed to support our Florida Transportation... ..., and transportation channels to determine conformance with applicable rules, standards, and permits. Work collaboratively as part...Work at officeFlexible hours
$74.6k - $124.7k
The Solutions Engineering Analyst reports to the Director and will support the development of tailored solutions for new and existing global opportunities. The role partners with Business Leaders, Business Development, Account Executives, Workstream and Operational Leaders...Work at officeLocal areaWorldwide3 days per week- Assurant seeks a Solutions Engineering Analyst in Miami to support the development of tailored solutions for global opportunities, collaborating with business leaders and development teams. This hybrid role requires three days a week in-office attendance. Ideal candidates...Work at office3 days per week
- 3 days ago Be among the first 25 applicants We are looking for a haku technology expert to join our sales and marketing team as a Product Specialist / Solutions Engineer . The ideal candidate will utilize their product knowledge to provide cross-functional support to sales...Full timeWork at officeFlexible hours
- PayCargo is seeking a Senior Engineer in Cloud Security to strengthen security controls across its platform. This hands-on role will engage with various teams to monitor systems, ensure compliance, and implement robust security practices. The ideal candidate should possess...
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Application Security Engineer. Be the first to apply!
Related searches
- senior application support engineer Miami, FL
- application performance engineer Miami, FL
- application support engineer Miami, FL
- network applications engineer Miami, FL
- field applications engineer Miami, FL
- application security engineer Miami, FL
- senior application security engineer Miami, FL
- technical application engineer Miami, FL
- application engineer Miami, FL
- project application engineer Miami, FL

