Application Security Engineer

3+ months agoSan Francisco, CA
About Opendoor:  
Founded in 2014, Opendoor’s mission is to empower everyone with the freedom to move. We believe the traditional real estate process is broken and our goal is simple: build a digital, end-to-end customer experience that makes buying and selling a home simple, certain and fast. We have assembled a dedicated team with diverse backgrounds to support more than 100,000 homes bought and sold with us and the customers who have selected Opendoor as a trusted partner in handling one of their largest financial transactions. But the work is far from over as we continue to grow in new markets. Transforming the real estate industry takes tenacity and dedication. It takes problem solvers and builders. It takes a tight knit community of teammates doing the best work of their lives, pushing one another to transform a complicated process into a simple one.  So where do you fit in? Whether you’re passionate about real estate, people, numbers, words, code, or strategy -- we have a place for you. Real estate is broken. Come help us fix it.

As our company grows, and we expand our security team, Opendoor is looking for exceptional Security Engineers specialized in Application Security. You’ll be joining a team where you have real ownership and a charter to champion best practices, drive change, and determine future policy. You’ll also contribute to our other security domains of governance and compliance, incident detection and response, infrastructure, and IT security -- so you’ll never end up working in a silo.

Your responsibilities include:

  • Experience with formal threat modeling
  • Champion security design across Opendoor services
  • Automated assessment of software written in a variety of languages (e.g. Python, Ruby, golang)
  • Conduct continuous, automated dependency assessment and track remediation
  • Educating our engineers about the common security issues of today
  • Develop technical solutions to help mitigate security vulnerabilities and architectural weaknesses by: Building security services/libraries and/or integrating 3rd party security services/libraries
  • Triaging vulnerabilities and tracking issues to resolution
  • Bug bounty management
  • Building security incident detection and response capabilities

We're looking for teammates who have:

  • Bachelor's degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience
  • 5+ years work experience in Information Security
  • Understand the value of usability when it comes to security policy and practice
  • Strong communication skills
  • Expert level at formal threat modeling
  • Experience securing scalable web architectures and distributed systems
  • Experience educating engineers and business stakeholders about Security Best Practices
  • Deep understanding of the OWASP Top 10 vulnerabilities and scalable mitigations
  • Deep understanding of front end technologies, HTTP, web services, databases and how they all fit together
  • Expert level knowledge of both a scripting language (Ruby, Python, etc) and a higher-level language (e.g. Golang, Java, etc)
  • Experience detecting and responding to security incidents
  • A sense of ownership for everything you ship
  • A big-picture approach to solving security problems
  • Knowledge of PCI, SOC 2, and/or SOX controls

Bonus points:

  • An understanding of the value of usability and buy-in when it comes to security policy and practices
  • A love of instrumentation
  • Passion for automation
  • Experience with Security Best Practices for Cloud Infrastructures
  • Love for security at work and outside of work. As shown by: presenting at a known security conference, contributing to or creating open source security tools, contributing to the security community in general, etc.

Want to learn more about the work we are doing ? Check out our blog:

More About Us:
Want to learn more about us and how we are revolutionizing the home buying and selling process? Learn more about us on our website, check out our profile on The Muse to learn more about our culture from our team members, or read our blog posts to hear about the work we are doing.

We Offer the Following Benefits and Perks:
- Full medical, dental, and vision with optional 70% coverage for dependents
- Flexible vacation policy
- Generous parental leave
- Paid time off to volunteer
Please note that these benefits and perks are available only to Full Time team members and do not apply to contract roles.

Opendoor Values Openness:
Our team celebrates our diverse backgrounds. We believe that being open about who we are and what we do allows us to be better. Individuals seeking employment at Opendoor are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, sexual orientation, gender identity or other protected status under all applicable laws, regulations, and ordinances. For California residents: for more information about the categories of personal information that we collect for recruiting purposes, please see our personnel Privacy Policy.

Job ID: 38f794ed-ebfa-47cf-861c-2f6f965cbb06