Application Security Engineer at Opendoor
San Francisco, CA, US
Are you intrigued by the thought of disrupting a trillion dollar industry through technology? At Opendoor, we’re on a mission to make it simple to buy and sell homes. The traditional process is broken, with an average home taking over 90 days to sell and costing thousands of dollars. We empower everyone with the freedom to move by making buying and selling a home stress-free and instant. We’ve built an exceptional team, seen strong growth, served over 80,000 customers (with an annual run rate of $5 billion), and raised $1.3 billion in funding. With Covid-19, the world is changing, and real estate is no exception. The coming years present a tremendous opportunity for innovation as we explore new frontiers and scale nationwide.
 
As our company grows, and we expand our security team, Opendoor is looking for exceptional Security Engineers specialized in Application Security. You’ll be joining a team where you have real ownership and a charter to champion best practices, drive change, and determine future policy. You’ll also contribute to our other security domains of governance and compliance, incident detection and response, infrastructure, and IT security -- so you’ll never end up working in a silo.

Your responsibilities include:

    • Engage in threat modeling exercises
    • Champion security design across Opendoor services
    • Automated assessment of software written in a variety of languages (e.g. Python, Ruby, golang)
    • Conduct continuous, automated dependency assessment and track remediation
    • Educating our engineers about the common security issues of today
    • Develop technical solutions to help mitigate security vulnerabilities and architectural weaknesses by: Building security services/libraries and/or integrating 3rd party security services/libraries
    • Triaging vulnerabilities and tracking issues to resolution
    • Bug bounty management
    • Building security incident detection and response capabilities

We're looking for teammates who have:

    • Bachelor's degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience
    • 5+ years work experience in Information Security
    • Understand the value of usability when it comes to security policy and practice
    • Strong communication skills
    • Expert level at formal threat modeling
    • Experience securing scalable web architectures and distributed systems
    • Experience educating engineers and business stakeholders about Security Best Practices
    • Deep understanding of the OWASP Top 10 vulnerabilities and scalable mitigations
    • Deep understanding of front end technologies, HTTP, web services, databases and how they all fit together
    • Expert level knowledge of both a scripting language (Ruby, Python, etc) and a higher-level language (e.g. Golang, Java, etc)
    • Experience detecting and responding to security incidents
    • A sense of ownership for everything you ship
    • A big-picture approach to solving security problems
    • Knowledge of PCI, SOC 2, and/or SOX controls

Bonus points:

    • An understanding of the value of usability and buy-in when it comes to security policy and practices
    • A love of instrumentation
    • Passion for automation
    • Experience with Security Best Practices for Cloud Infrastructures
    • Love for security at work and outside of work. As shown by: presenting at a known security conference, contributing to or creating open source security tools, contributing to the security community in general, etc.
Want to learn more about the work we are doing ? Check out our blog:
 
More About Us
Want to learn more about us and how we are revolutionizing the home buying and selling process? Learn more about us on our website, check out our profile on The Muse to learn more about our culture from our team members, or read our blog posts to hear about the work we are doing.
 
We Offer the Following Benefits and Perks:
- Full medical, dental, and vision with optional 70% coverage for dependents
- Flexible vacation policy
- Commuter Benefit stipend
- Generous parental leave
- Paid time off to volunteer
Please note that these benefits and perks are available only to Full Time team members and do not apply to contract roles.
 
Opendoor values Openness
Our team celebrates our diverse backgrounds. We believe that being open about who we are and what we do allows us to be better. Individuals seeking employment at Opendoor are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, sexual orientation, gender identity or other protected status under all applicable laws, regulations, and ordinances.