Staff Software Engineer - Application Security (SAST, DAST, IAST)

5 Days ago • 7 Years +

Job Summary

Job Description

The Application Security Engineer will drive a 'Shift-Left' security approach by integrating automated security tooling into developer workflows and CI/CD pipelines. They will ensure early detection and mitigation of vulnerabilities throughout the SDLC, working with product and development teams to ensure secure systems and applications. This role involves educating engineers on security practices, conducting threat modeling, design reviews, code reviews, and addressing application security vulnerabilities. Responsibilities include implementing and managing security testing tools (SAST, DAST, IAST), providing architectural guidance, identifying risks, and performing code reviews. Additionally, the role involves educating engineers about security issues, collaborating with teams to embed security throughout the software lifecycle, and managing a bug bounty program.
Must have:
  • 7+ years of experience in application security
  • Foundational knowledge of operating system security for Linux
  • Experience in risk assessment and vulnerability management
  • Strong programming/scripting skills in Python or similar languages
Good to have:
  • Understanding of usability and buy-in for security policy
  • Love for instrumentation and automation
  • Knowledge of supply chain security (SBOM, sigstore, in-toto)

Job Details

This a a B2B Contract role working on site in Krakow, Poland

Location: Krakow - Hybrid, minimum 3 days a week in the Office

The Application Security Engineer will drive a 'Shift-Left' security approach by integrating automated security tooling into developer workflows and CI/CD pipelines, ensuring early detection and mitigation of vulnerabilities throughout the SDLC. You will work closely with product and development teams to ensure secure systems and applications. You will identify security improvement areas and drive high-impact security initiatives. This role involves educating engineers on security practices, conducting threat modeling, design reviews, code reviews, and addressing application security vulnerabilities.

The Security Operations team at Opendoor focuses on identifying and protecting assets, detecting anomalies and attacks, responding to compromise, and recovering from asset compromise in order to return the business to a steady state. The scope of the Security Operations team includes Application Security, Detection Operations, Incident Response, Infrastructure Security, Penetration Testing, Vulnerability Management, and Threat Intelligence. 

Here’s what you’ll be up to:

  • Champion security design across application code and cloud infrastructure
  • Implement and manage SAST, DAST and IAST tools for automated security testing.
  • Evaluate and deploy security scanning tools (e.g., Snyk, Semgrep, GitHub Advanced Security, CodeQL).
  • Provide architectural guidance and mentorship to up-level the security engineering organization.
  • Identify and prioritize risks, attack surfaces, and vulnerabilities
  • Perform security code reviews and advise developers on remediating vulnerabilities and following secure coding practices.
  • Conduct research to identify new attack vectors
  • Automated cloud security assessment and policy enforcement
  • Educate engineers about common security issues
  • Collaborate with teams to embed security throughout the software lifecycle
  • Triaging vulnerabilities and tracking issues to resolution
  • Manage the bug bounty program

 

We’re looking for someone who has:

  • Bachelor's degree in Computer Science, Information Security, or a related field
  • 7+ years of experience in application security
  • Foundational knowledge of operating system security for Linux and of the CWE Top 25
  • Experience in risk assessment, threat modeling, code reviews, incident response, and vulnerability management.
  • Strong programming/scripting skills in Python, Golang, Ruby or similar languages.

 

Bonus If You Have

  • An understanding of the value of usability and buy-in when it comes to security policy and practices
  • A love of instrumentation and automation
  • Knowledge of supply chain security (SBOM, sigstore, in-toto).
  • Love for security at work and outside of work. As shown by: presenting at a known security conference, contributing to or creating open source security tools, contributing to the security community in general, etc.

 #LI-Hybrid, #LI-AC1

About Opendoor

Founded in 2014, Opendoor’s mission is to power life’s progress one move at a time. We believe the traditional real estate process is broken and our goal is simple: build a digital, end-to-end customer experience that makes buying and selling a home simple and certain. 

  • To learn how we are reinventing the Real Estate industry check out our website
  • Hear about our culture directly from team members by visiting The Muse
  • Discover what we are building for our customers by reading our blog.

Opendoor Values Openness

We believe that being open about who we are and what we do allows us to be better. Individuals seeking employment at Opendoor are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, sexual orientation, gender identity or other protected status under all applicable laws, regulations, and ordinances. We collect, use, and disclose applicant personal information as described in our personnel privacy policies. To learn more, you can find the policy details for California residents here and for Canada residents here.

We’re committed to Diversity, Equity, Inclusion, and Belonging

Opendoor is dedicated to creating an inclusive and collaborative culture. We value the diverse strengths, perspectives, and backgrounds of all our employees, and believe in empowering our teams to do their best work through teamwork and building a sense of belonging and trust. Our four employee-led Opendoor Employee Resource Groups amplify diverse voices and promote collaboration and inclusion. Our focus is on attracting and retaining exceptional talent, and we believe in empowering our employees to continuously innovate and strive for 1% improvement every day. You can find more information on our Career Page.

We are committed to assisting members of the military community in utilizing their skills at Opendoor. U.S. candidates are able to review your military job classification at MyNextMove.org and apply for positions that align with your expertise.

At Opendoor, we are committed to providing reasonable accommodations throughout our recruitment processes for candidates with disabilities, pregnancy, religious beliefs, or other reasons protected by applicable laws. If you require assistance or a reasonable accommodation, please contact us at TAops-accomodations@opendoor.com.

Similar Jobs

Adobe - Cyber Defense Analyst

Adobe

Lehi, Utah, United States (On-Site)
2 Weeks ago
OKX - Security Operations Manager

OKX

Hong Kong, Hong Kong (On-Site)
2 Weeks ago
NBC universal - Systems Engineer

NBC universal

Centennial, Colorado, United States (On-Site)
4 Weeks ago
PwC - Cloud Security | Manager | Cyber Security | Technology Consulting

PwC

Dublin, County Dublin, Ireland (On-Site)
7 Months ago
Thatgamecompany - Senior DevOps Engineer (LiveOps)

Thatgamecompany

Shanghai, Shanghai, China (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

Zurora - Site Reliability Engineer II

Zurora

Chennai, Tamil Nadu, India (Hybrid)
1 Week ago
Veeam Software - Tech/SecOps Engineer

Veeam Software

(Remote)
2 Weeks ago
Ajmera Infotech - Kubernetes Experts

Ajmera Infotech

Hyderabad, Telangana, India (On-Site)
6 Months ago
Demandbase - Manager, Database Reliability Engineering (DBRE)

Demandbase

(Remote)
2 Weeks ago
Google - Insider Risk Analyst

Google

Hyderabad, Telangana, India (On-Site)
1 Month ago
Warner Bros Games - Senior Software Engineer

Warner Bros Games

(Hybrid)
4 Months ago
Crunchyroll - Customer Experience Operations Analyst

Crunchyroll

Culver City, California, United States (On-Site)
3 Months ago
Saviynt - Technical Lead, Professional Services

Saviynt

Atlanta, Georgia, United States (Remote)
7 Months ago
Interactive Brokers - Associate General Counsel – eDiscovery

Interactive Brokers

Greenwich, Connecticut, United States (Hybrid)
2 Weeks ago
Extreme Network - Product Security Engineer

Extreme Network

Raleigh, North Carolina, United States (Hybrid)
2 Weeks ago

Get notifed when new similar jobs are uploaded

Jobs in Kraków, Lesser Poland Voivodeship, Poland

Immersion Labs - Mid/Senior Unity Developer

Immersion Labs

Warsaw, Masovian Voivodeship, Poland (Hybrid)
3 Months ago
Techland - Game Data Analyst

Techland

Wrocław, Lower Silesian Voivodeship, Poland (Hybrid)
1 Month ago
Techland - Junior Office Assistant

Techland

Warsaw, Masovian Voivodeship, Poland (On-Site)
1 Week ago
Aptive - Camera Systems Engineer - Intern

Aptive

Kraków, Lesser Poland Voivodeship, Poland (On-Site)
1 Week ago
INTEL - System and Hardware Enabling Engineer

INTEL

Gdańsk, Pomeranian Voivodeship, Poland (Hybrid)
2 Weeks ago
PwC - Starszy Konsultant / Starsza Konsultantka | Audyt

PwC

Warsaw, Masovian Voivodeship, Poland (Hybrid)
7 Months ago
Sperasoft - Associate Project Manager

Sperasoft

Lesser Poland Voivodeship, Poland (Hybrid)
2 Months ago
Room 8 Studio - Development Production Director

Room 8 Studio

Poland (On-Site)
3 Weeks ago
CD PROJEKT RED - Publishing QA Manager

CD PROJEKT RED

Warsaw, Masovian Voivodeship, Poland (Hybrid)
1 Week ago
PwC - Senior Workday Talent and Learning Consultant

PwC

Warsaw, Masovian Voivodeship, Poland (Hybrid)
7 Months ago

Get notifed when new similar jobs are uploaded

Similar Category Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

About The Company

San Francisco, California, United States (Hybrid)

Kraków, Lesser Poland Voivodeship, Poland (Hybrid)

San Francisco, California, United States (Hybrid)

San Francisco, California, United States (Hybrid)

Kraków, Lesser Poland Voivodeship, Poland (Hybrid)

Kraków, Lesser Poland Voivodeship, Poland (Hybrid)

Kraków, Lesser Poland Voivodeship, Poland (Hybrid)

Phoenix, Arizona, United States (Hybrid)

San Francisco, California, United States (Hybrid)

View All Jobs

Get notified when new jobs are added by Opendoor

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug