1

Exploit Developer Jobs in Florida (NOW HIRING)

Application Security Engineer

Miami, FL · On-site

$56.25 - $75/hr

... developer workflows where engineers already live (GitHub, Linear, Slack). • Own and mature our ... Claude, OpenAI, various agent frameworks, MCP - used heavily for vulnerability triage, exploit ...

Software Reverse Engineer

Melbourne, FL · On-site

$112K - $154K/yr

Reverse engineering complex software or firmware targets, ranging from typical Windows/Linux ... Performing vulnerability weaponization, exploit development, payload development, and exploit ...

Reverse engineering complex software or firmware targets, ranging from typical Windows/Linux ... Performing vulnerability weaponization, exploit development, payload development, and exploit ...

Apply Early

Senior Vulnerability Research Engineer (P3) Vulnerability Researcher: Use advanced systems to find ... Experience with exploit development, Hack The Box, etc... * Experience reading or writing assembly

next page

Showing results 1-20

Exploit Developer information

See Florida salary details

$12

$39

$61

How much do exploit developer jobs pay per hour?

As of Jul 3, 2026, the average hourly pay for exploit developer in Florida is $39.49, according to ZipRecruiter salary data. Most workers in this role earn between $30.19 and $48.32 per hour, depending on experience, location, and employer.

What are some common challenges faced by Exploit Developers, and how do teams typically address them?

Exploit Developers often encounter complex and evolving security architectures, which require continuous learning and adaptation to stay ahead of new safeguards and patch mechanisms. Collaborative troubleshooting, regular knowledge sharing, and working closely with security researchers and penetration testers are common approaches teams use to overcome obstacles. Many organizations foster a supportive environment, providing access to the latest research, tools, and test labs to encourage innovation and success. This collaborative and dynamic atmosphere helps Exploit Developers keep their skills sharp and deliver high-impact results.

What is an Exploit Developer job?

An Exploit Developer is a cybersecurity professional who researches and develops exploits to identify security vulnerabilities in systems, applications, or networks. They analyze software and hardware for weaknesses, create proof-of-concept exploits, and work with security teams to patch vulnerabilities before malicious hackers can exploit them. This role requires deep knowledge of programming, reverse engineering, and security protocols. Some exploit developers work in ethical hacking or penetration testing, while others conduct research for security firms, government agencies, or cybersecurity vendors.

What are the key skills and qualifications needed to thrive in the Exploit Developer position, and why are they important?

To thrive as an Exploit Developer, you need a strong background in computer science, reverse engineering, low-level programming (C/C++, Assembly), and vulnerability analysis. Familiarity with tools such as IDA Pro, Ghidra, Metasploit, and debuggers, along with relevant certifications like OSCP or GREM, is highly beneficial. Analytical thinking, persistence, excellent problem-solving, and clear documentation skills set outstanding professionals apart in this field. These abilities are essential for identifying and leveraging system weaknesses effectively and collaborating securely within advanced security teams.

What are the most commonly searched types of Exploit Developer jobs in Florida? The most popular types of Exploit Developer jobs in Florida are:
What are popular job titles related to Exploit Developer jobs in Florida? For Exploit Developer jobs in Florida, the most frequently searched job titles are:
What job categories do people searching Exploit Developer jobs in Florida look for? The top searched job categories for Exploit Developer jobs in Florida are:
Infographic showing various Exploit Developer job openings in Florida as of June 2026, with employment types broken down into 85% Full Time, 3% Part Time, and 12% Contract. Highlights an 83% Physical, 4% Hybrid, and 13% Remote job distribution, with an average salary of $82,131 per year, or $39.5 per hour.
Application Security Engineer

Application Security Engineer

Opendoor

Miami, FL • On-site

$56.25 - $75/hr

Full-time

Posted 24 days ago


Job description

About Opendoor
At Opendoor our mission is to tilt the world in favor of homeowners and those who aim to become one. Homeownership matters. It's how people build wealth, stability, and community. It's how families put down roots, how neighborhoods strengthen, how the future gets built. We're building the modern system of homeownership giving people the freedom to buy and sell on their own terms. We've built an end-to-end online experience that has already helped thousands of people and we're just getting started.
About The Role
Our Security Engineering team builds intelligent systems that protect Opendoor and our customers while enabling unprecedented engineering velocity. We apply software engineering and AI to solve security problems across product, infrastructure, and operations by building guardrails where they matter, not gates where they don't.
As our Application Security Engineer, you'll own how we find, prioritize, and drive down application-layer risk across the consumer flows that put cash offers in homeowners' hands, the GraphQL APIs that power our products, and the AI agents and vibe-coded tools our engineers ship every week. The job is to make it safe to build fast, not to slow things down.
What You'll Do
• Define, build and operate Opendoor's application vulnerability identification capability - the tooling, triage workflow and remediation techniques across our consumer products, internal admin tools and GraphQL API powering home acquisition, resale, mortgage, title and escrow.
• Assess, rationalize and own our AppSec tooling stack - static and dynamic security testing, software supply chain risk detection and secrets scanning and integrate findings into developer workflows where engineers already live (GitHub, Linear, Slack).
• Own and mature our HackerOne program: tightening the triage workflow, improving signal to noise on incoming reports, strengthening researcher relationships and closing the loop with engineering teams so root causes get addressed quickly.
• Lead threat modeling and security design reviews for new services, APIs, and mobile features. Turn the patterns you see into rules, lint checks, and CI guardrails so the next team doesn't make the same mistake.
• Build AI agents and automated workflows that triage vulnerability reports, validate exploit reproductions, and draft remediation pull requests, replacing manual security review with high-signal automation.
• Partner with engineering teams to harden authentication, authorization, and input validation across our codebase and production services, including the GraphQL gateway (Apollo) and our Kubernetes workloads - while driving a shift-left strategy that catches vulnerabilities before they ship.
• Build Opendoor's offensive security capability. Scope and run internal security testing, red team exercises and adversarial analysis of our highest-risk flows ensuring findings directly harden detection and response.
• Set the bar for what "secure by default" looks like for AI-maximalist engineering, including vibe-coded apps, MCP servers, and agent-driven workflows that touch production data.
• Build Opendoor's security culture by establishing secure design standards, embedding into engineering team rituals and developing a strong security mindset - creating a foundation for engineers to think like attackers without slowing down.
Tech Stack
• Languages: Go, Python, TypeScript, Ruby, Terraform
• Cloud: AWS, GCP, Azure, Kubernetes, Apollo GraphQL
• AppSec Tooling: GitHub Advanced Security (CodeQL, Dependabot, secret scanning), Semgrep, HackerOne, Burp Suite, Cloudflare WAF
• AI Tooling: Claude, OpenAI, various agent frameworks, MCP - used heavily for vulnerability triage, exploit verification, and remediation drafting
What You'll Need
• Deep conviction that AI and automation should eliminate manual work and increase the team's impact, and a track record to prove it. You've built agentic systems that replaced reactive security work, not just configured off-the-shelf tools.
• Comfort operating with high autonomy in ambiguous environments. You've defined what "good" looks like in a domain where no playbook existed, you're energized by that, not unsettled by it.
• Business enablement security mindset. You measure success by business impact and informed risk-taking, not by tickets opened or pen test reports filed.
• 5+ years of application security or software engineering experience with a security focus, with strong skills in at least one of Python, Go, TypeScript, or Ruby, and the ability to read and write code across the others.
• Hands-on expertise across the security risk detection toolchain with real deployment experience using GitHub Advanced Security, Semgrep, or equivalent.
• Strong grasp of common application and API vulnerability classes including GraphQL, REST, and gRPC security pitfalls - broken authorization, mass assignment, introspection exposure, insecure direct object references.
• Practical threat modeling skills. You can take an architecture diagram and a 30-minute conversation and walk out with the three things that actually matter.
• Experience with cloud and container security on AWS and Kubernetes, including identity and access management, secrets management, and continuous integration / continuous deployment pipeline security.
• Humility and genuine curiosity. You're as excited to learn from product engineers and enable their work as you are to break things.
Bonus Points
• Offensive security experience including pentesting, API security, or mobile security, and/or red team operations.
• Experience running a bug bounty or coordinated disclosure program at scale.
• Mobile application security review experience (iOS and Android).
• Experience securing AI and machine learning pipelines, agent frameworks, or MCP-style integrations.
• OSCP, OSWE, or similar offensive certifications.
Location
This role is based in our downtown Miami office, in-person four days per week (Monday, Tuesday, Thursday, Friday). Candidates must be based within commuting distance of the office.