Staff Software Engineer - Application Security (SAST, DAST, IAST)

This a a B2B Contract role working on site in Krakow, Poland

Location: Krakow - Hybrid, minimum 3 days a week in the Office

The Application Security Engineer will drive a 'Shift-Left' security approach by integrating automated security tooling into developer workflows and CI/CD pipelines, ensuring early detection and mitigation of vulnerabilities throughout the SDLC. You will work closely with product and development teams to ensure secure systems and applications. You will identify security improvement areas and drive high-impact security initiatives. This role involves educating engineers on security practices, conducting threat modeling, design reviews, code reviews, and addressing application security vulnerabilities.

The Security Operations team at Opendoor focuses on identifying and protecting assets, detecting anomalies and attacks, responding to compromise, and recovering from asset compromise in order to return the business to a steady state. The scope of the Security Operations team includes Application Security, Detection Operations, Incident Response, Infrastructure Security, Penetration Testing, Vulnerability Management, and Threat Intelligence. 

Here’s what you’ll be up to:

• Champion security design across application code and cloud infrastructure
• Implement and manage SAST, DAST and IAST tools for automated security testing.
• Evaluate and deploy security scanning tools (e.g., Snyk, Semgrep, GitHub Advanced Security, CodeQL).
• Provide architectural guidance and mentorship to up-level the security engineering organization.
• Identify and prioritize risks, attack surfaces, and vulnerabilities
• Perform security code reviews and advise developers on remediating vulnerabilities and following secure coding practices.
• Conduct research to identify new attack vectors
• Automated cloud security assessment and policy enforcement
• Educate engineers about common security issues
• Collaborate with teams to embed security throughout the software lifecycle
• Triaging vulnerabilities and tracking issues to resolution
• Manage the bug bounty program

We’re looking for someone who has:

• Bachelor's degree in Computer Science, Information Security, or a related field
• 7+ years of experience in application security
• Foundational knowledge of operating system security for Linux and of the CWE Top 25
• Experience in risk assessment, threat modeling, code reviews, incident response, and vulnerability management.
• Strong programming/scripting skills in Python, Golang, Ruby or similar languages.

Bonus If You Have

• An understanding of the value of usability and buy-in when it comes to security policy and practices
• A love of instrumentation and automation
• Knowledge of supply chain security (SBOM, sigstore, in-toto).
• Love for security at work and outside of work. As shown by: presenting at a known security conference, contributing to or creating open source security tools, contributing to the security community in general, etc.

 #LI-Hybrid, #LI-AC1

About Opendoor

Founded in 2014, Opendoor’s mission is to power life’s progress one move at a time. We believe the traditional real estate process is broken and our goal is simple: build a digital, end-to-end customer experience that makes buying and selling a home simple and certain. 

• To learn how we are reinventing the Real Estate industry check out our website. 
• Hear about our culture directly from team members by visiting The Muse. 
• Discover what we are building for our customers by reading our blog.

Opendoor Values Openness

We believe that being open about who we are and what we do allows us to be better. Individuals seeking employment at Opendoor are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, sexual orientation, gender identity or other protected status under all applicable laws, regulations, and ordinances. We collect, use, and disclose applicant personal information as described in our personnel privacy policies. To learn more, you can find the policy details for California residents here and for Canada residents here.

We’re committed to Diversity, Equity, Inclusion, and Belonging

Opendoor is dedicated to creating an inclusive and collaborative culture. We value the diverse strengths, perspectives, and backgrounds of all our employees, and believe in empowering our teams to do their best work through teamwork and building a sense of belonging and trust. Our four employee-led Opendoor Employee Resource Groups amplify diverse voices and promote collaboration and inclusion. Our focus is on attracting and retaining exceptional talent, and we believe in empowering our employees to continuously innovate and strive for 1% improvement every day. You can find more information on our Career Page.

We are committed to assisting members of the military community in utilizing their skills at Opendoor. U.S. candidates are able to review your military job classification at MyNextMove.org and apply for positions that align with your expertise.

At Opendoor, we are committed to providing reasonable accommodations throughout our recruitment processes for candidates with disabilities, pregnancy, religious beliefs, or other reasons protected by applicable laws. If you require assistance or a reasonable accommodation, please contact us at TAops-accomodations@opendoor.com.