Job Description
About Opendoor
At Opendoor, our mission is to tilt the world in favor of homeowners and those who aim to become one. Homeownership matters. It's how people build wealth, stability, and community. It's how families put down roots, how neighborhoods strengthen, how the future gets built. We're building the modern system of homeownership, giving people the freedom to buy and sell on their own terms. We’ve built an end-to-end online experience that has already helped thousands of people, and we’re just getting started.
About The Role
Our Security Engineering team builds intelligent systems that protect Opendoor and our customers while enabling unprecedented engineering velocity. We apply software engineering and AI to solve security problems across product, infrastructure, and operations by building guardrails where they matter, not gates where they don't.
As our Infrastructure Security Engineer, you'll own the security of everything Opendoor runs on, including multi-account AWS, Kubernetes clusters, the identity plane connecting every system, and the cloud workloads behind home acquisition, resale, mortgage, title, and escrow. There’s meaningful work already in motion and real room to define where it goes next.
What You'll Do
● Own the security architecture of our production cloud environment - AWS at the core, spanning multiple accounts, Kubernetes clusters, Terraform-managed infrastructure, and the identity plane that ties everything together.
● Evaluate, build out, and operate our cloud security visibility and protection platform, ensuring it’s deeply integrated into engineering workflows to drive the automated remediation of infrastructure risks.
● Define and drive our zero trust access strategy, integrating device trust and identity-aware proxies to provide seamless, secure access to Opendoor infrastructure.
● Harden our Kubernetes environment, including RBAC, admission policies, workload identity, runtime protection, image signing, and base-image strategy, on top of our Bottlerocket and Karpenter foundation.
● Build new agentic detection and response workflows using AWS native primitives that close the loop from alert to investigation to remediation.
● Drive a shift-left cloud security strategy within our pipelines using Terraform/Terrakube, GitHub Actions, and Elastic Container Registry so that misconfigurations get caught at commit time.
● Partner with the Infrastructure team on cloud-native security decisions: VPC architecture, ingress, secrets management (Vault), service identity, and how Okta extends into AWS, Azure, and GCP.
● Run our cloud detection engineering: GuardDuty, Security Hub, CloudTrail, VPC flow logs — tuned for signal, integrated with Datadog and our incident response playbooks.
● Set the bar for what "secure by default" looks like for AI-maximalist engineering — vibe-coded apps, MCP servers, and agent-driven workflows that touch production cloud infrastructure.
● Mentor engineers across Opendoor on cloud security patterns and turn the patterns you see into automated guardrails.
Tech Stack
● Cloud Platforms: AWS (primary), Azure, GCP
● Containers and Orchestration: EKS, Bottlerocket, Karpenter, Helm, Argo CD
● Identity and Access: Okta, Duo, AWS Identity Center, Okta for Kubernetes, Platform SSO (macOS), HashiCorp Vault
● Cloud Security Tooling: Lambda, GuardDuty, Security Hub, CloudTrail, Elastic Container Registry, VPC Flow Logs, Kinesis, GitHub Advanced Security, cloud security posture and workload protection platform
● Detection and Observability: Datadog, Cribl, S3
● Languages: Go, Python, TypeScript, Ruby, Terraform (HCL), Terrakube (self-hosted)
● AI Tooling: Claude Code, Claude Cowork, OpenAI Codex, Bedrock, Runlayer MCP, custom agent frameworks
What You'll Need
● Deep conviction that AI and automation should eliminate manual work and increase the team's impact, and a track record to prove it. You’ve built agentic systems that replaced reactive security work, not just configured off-the-shelf tools.
● Comfort operating with high autonomy in ambiguous environments. You’ve defined what “good” looks like in a domain where no playbook existed; you’re energized by that, not unsettled by it.
● Business enablement security mindset. You measure success by business impact and informed risk taking, not by tickets opened or compliance checklists completed.
● 5+ years of cloud or infrastructure security experience with deep AWS expertise - you can read a CloudTrail event, write a service control policy, and explain why a particular identity trust policy is dangerous, all in the same conversation.
● Strong skills in at least one of Go, Python, or TypeScript, with the ability to read and write Terraform and shell scripts. You are a builder.
● Hands-on Kubernetes security experience — RBAC, network policies, admission control, workload identity, image and supply-chain security.
● Experience deploying and operating cloud posture and workload protection tooling (Wiz, Prisma, Orca, Datadog, CrowdStrike Falcon Cloud, Lacework, or equivalent) with a strong opinion on what good looks like.
● Identity-first security mindset and demonstrated ability to build identity and access management solutions at scale.
● Humility and genuine curiosity. You're as excited to learn from engineers across product and infrastructure and enable their work as you are to write detections or design guardrails.
Bonus Points
● Experience designing or operating Zero Trust Network Access (Cloudflare Access, Tailscale, Twingate, Google BeyondCorp, etc.).
● Detection engineering background with a threat modeling and adversarial mindset - writing detections that actually fire on real attacker behavior without burying the team in noise.
● Experience securing AI and machine learning pipelines, agent frameworks, or MCP-style integrations that touch production data.
● Familiarity with SOC 2, SOX, or other compliance frameworks in cloud environments, and an instinct for when compliance work creates real security value.
● Open source contributions to cloud security tooling (Cartography, Prowler, ScoutSuite, Falco, Kyverno, Open Policy Agent, Checkov, etc.).
Location
This role is based in our Seattle office, in-person four days per week (Monday, Tuesday, Thursday, Friday). Candidates must be based within commuting distance of the office.
Skills Required
- 5+ years of cloud or infrastructure security experience with deep AWS expertise
- Strong skills in at least one of Go, Python, or TypeScript
- Ability to read and write Terraform (HCL) and shell scripts
- Hands-on Kubernetes security experience (RBAC, network policies, admission control, workload identity, image/supply-chain security)
- Experience deploying and operating cloud posture and workload protection tooling (Wiz, Prisma, Orca, CrowdStrike Falcon, Lacework, or equivalent)
- Identity-first security mindset and demonstrated ability to build IAM solutions at scale (Okta, AWS Identity Center, etc.)
- Experience with cloud detection and observability (GuardDuty, Security Hub, CloudTrail, VPC flow logs) and integration with Datadog/incident playbooks
- Proven track record building automation/agentic systems replacing manual security work
- Comfort operating with high autonomy in ambiguous environments and business-enablement security mindset
- Hands-on familiarity with container registries and CI/CD security (Elastic Container Registry, GitHub Actions, GitHub Advanced Security)
Opendoor Compensation & Benefits Highlights
- Healthcare Strength—Medical, dental, and vision insurance are standard, alongside mental‑health resources, life and disability coverage, and FSA options. These elements indicate a comprehensive health and wellness package.
- Parental & Family Support—Parental leave, fertility and adoption assistance, and family medical leave are highlighted. Paid volunteer time and flexible work arrangements further support family needs.
- Equity Value & Accessibility—Equity grants are offered, and an active Employee Stock Purchase Plan provides discounted share access. Role descriptions referencing ESPP administration reinforce that these ownership programs are in operation.
Opendoor Insights
What We Do
Founded in 2014, Opendoor’s mission is to empower everyone with the freedom to move. We believe the traditional real estate process is broken and confusing. It often comes with unexpected costs, the added burden of coordinating multiple third parties, and the uncertainty of a transaction falling through. Our goal is simple: build a digital end-to-end customer experience that makes buying and selling a home simple, certain, and fast. We have assembled a dedicated team with diverse backgrounds and talents across engineering, operations, design, operations, mortgage, finance, legal, and more to deliver strong results. More than 85,000 customers have selected us as a trusted partner in handling one of their largest financial transactions.
Why Work With Us
We’re on a mission to power life’s progress, one move at a time
Opendoor Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.






Date Posted
07/02/2026