Job Summary:
Opendoor is on a mission to reshape homeownership and is seeking an Application Security Engineer to enhance their security engineering efforts. The role involves owning the security of applications, identifying vulnerabilities, and integrating security tools into development workflows to ensure a secure environment for their online platform.
Responsibilities:
• Find and fix application vulnerabilities across our consumer products, internal admin tools, and the GraphQL APIs powering home acquisition, resale, mortgage, title, and escrow.
• Own and evolve our AppSec tooling stack — SAST/DAST, SCA and secrets scanning — and integrate findings into developer workflows where engineers already live (pull requests, Linear, Slack).
• Run our HackerOne program: triage incoming reports, validate exploits, route fixes to product engineering teams, and determine root causes so we can stamp them out at the source.
• Lead threat modeling and security design reviews for new services, APIs, and mobile features — and turn the patterns you see into rules, lint checks, and CI guardrails so the next team doesn't make the same mistake.
• Build AI agents and automated workflows that triage vulnerability reports, validate exploit reproductions, and draft remediation PRs — replacing manual security review with high-signal automation.
• Partner with engineering teams to harden authentication, authorization, and input validation across our Ruby monolith and Go/Python/TypeScript services, including the GraphQL gateway (Apollo) and our EKS workloads, while driving a shift-left strategy to identify vulnerabilities earlier in the development lifecycle.
• Stand up a credible offensive security capability — internal pentesting, red team exercises, and adversarial analysis of high-risk flows (wire fraud, agent unlocks, identity verification), leveraging purple team exercises to ensure offensive findings are directly translated into hardened detection and response capabilities.
• Set the bar for what "secure by default" looks like for AI-maximalist engineering, including vibe-coded apps, MCP servers, and agent-driven workflows that touch production data.
• Mentor engineers across the company in secure design, code review, and how to think like an attacker.
Qualifications:
Required:
• Deep conviction that AI and automation should eliminate manual work humans shouldn't be doing anyway. You're excited to replace developer toil and reactive vuln triage with automated systems, guardrails, and agents.
• Business enablement security mindset — you measure success by business impact and informed risk-taking, not by tickets opened or pen test reports filed.
• 5+ years of application security or software engineering experience with a security focus, with strong skills in at least one of Python, Go, TypeScript, or Ruby — and the ability to read and write code across the others.
• Hands-on expertise across the SAST/DAST/SCA toolchain, with real deployment experience using GitHub Advanced Security, Semgrep, or equivalent.
• Strong grasp of common application vulnerability classes (OWASP Top 10, OWASP API Security Top 10), with particular fluency in GraphQL, REST, and gRPC security pitfalls — broken authorization, mass assignment, introspection exposure, IDORs.
• Practical threat modeling skills — you can take an architecture diagram and a 30-minute conversation and walk out with the three things that actually matter.
• Experience with cloud and container security on AWS and Kubernetes, including IAM, secrets management, and CI/CD pipeline security.
• Humility and genuine curiosity — you're as excited to learn from product engineers and enable their work as you are to break things.
Preferred:
• Offensive security experience — pentesting web apps, APIs, or mobile, and/or red team operations.
• Experience running a bug bounty or coordinated disclosure program at scale.
• Mobile application security review experience (iOS and Android).
• Experience securing AI/ML pipelines, agent frameworks, or MCP-style integrations.
• OSCP, OSWE, or similar offensive certifications.
Company:
Opendoor’s mission is to power life’s progress one move at a time. Founded in 2014, the company is headquartered in Tempe, USA, with a team of 1001-5000 employees. The company is currently Late Stage.