Opendoor Logo

Opendoor

Infrastructure Security Engineer

Reposted 3 Days Ago
Be an Early Applicant
Hybrid
Toronto, ON
Senior level
Hybrid
Toronto, ON
Senior level
Design, operate, and improve cloud security for a multi-account AWS environment and Kubernetes clusters. Build detection, prevention, and automated remediation workflows, drive zero-trust access, shift-left security in pipelines, integrate cloud security tooling, mentor engineers, and partner with infrastructure teams on identity, networking, and secrets management.
The summary above was generated by AI

About Opendoor

At Opendoor our mission is to tilt the world in favor of homeowners and those who aim to become one. Homeownership matters. It's how people build wealth, stability, and community. It's how families put down roots, how neighborhoods strengthen, how the future gets built. We're building the modern system of homeownership giving people the freedom to buy and sell on their own terms. We’ve built an end-to-end online experience that has already helped thousands of people and we’re just getting started.

About The Role

Our Security Engineering team builds intelligent systems that protect Opendoor and our customers while enabling unprecedented engineering velocity. We apply software engineering and AI to solve security problems across product, infrastructure, and operations by building guardrails where they matter, not gates where they don't.

As our Infrastructure Security Engineer, you'll own the security of everything Opendoor runs on including multi-account AWS, Kubernetes clusters, the identity plane connecting every system, and the cloud workloads behind home acquisition, resale, mortgage, title, and escrow. There’s meaningful work already in motion and real room to define where it goes next.


What You'll Do

● Own the security architecture of our production cloud environment - AWS at the core, spanning multiple accounts, Kubernetes clusters, Terraform-managed infrastructure, and the identity plane that ties everything together.

● Evaluate, build out and operate our cloud security visibility and protection platform ensuring it’s deeply integrated into engineering workflows to drive the automated remediation of infrastructure risks.

● Define and drive our zero trust access strategy, integrating device trust and identity-aware proxies to provide seamless, secure access to Opendoor infrastructure.

● Harden our Kubernetes environment including RBAC, admission policies, workload identity, runtime protection, image signing, and base-image strategy on top of our Bottlerocket and Karpenter foundation.

● Build new agentic detection and response workflows using AWS native primitives that close the loop from alert to investigation to remediation.

● Drive a shift-left cloud security strategy within our pipelines using Terraform/Terrakube, GitHub Actions, Elastic Container Registry so that misconfigurations get caught at commit time.

● Partner with the Infrastructure team on cloud-native security decisions: VPC architecture, ingress, secrets management (Vault), service identity, and how Okta extends into AWS, Azure, and GCP.

● Run our cloud detection engineering: GuardDuty, Security Hub, CloudTrail, VPC flow logs — tuned for signal, integrated with Datadog and our incident response playbooks.

● Set the bar for what "secure by default" looks like for AI-maximalist engineering — vibe-coded apps, MCP servers, and agent-driven workflows that touch production cloud infrastructure.

● Mentor engineers across Opendoor on cloud security patterns, and turn the patterns you see into automated guardrails.


Tech Stack

● Cloud Platforms: AWS (primary), Azure, GCP

● Containers and Orchestration: EKS, Bottlerocket, Karpenter, Helm, Argo CD

● Identity and Access: Okta, Duo, AWS Identity Center, Okta for Kubernetes, Platform SSO (macOS), HashiCorp Vault

● Cloud Security Tooling: Lambda, GuardDuty, Security Hub, CloudTrail, Elastic Container Registry, VPC Flow Logs, Kinesis, GitHub Advanced Security, cloud security posture and workload protection platform

● Detection and Observability: Datadog, Cribl, S3

● Languages: Go, Python, TypeScript, Ruby, Terraform (HCL), Terrakube (self-hosted)

● AI Tooling: Claude Code, Claude Cowork, OpenAI, Codex, Bedrock, Runlayer MCP, custom agent frameworks


What You'll Need

● Deep conviction that AI and automation should eliminate manual work and increase the team's impact, and a track record to prove it. You’ve built agentic systems that replaced reactive security work, not just configured off-the-shelf tools.

● Comfort operating with high autonomy in ambiguous environments. You’ve defined what “good” looks like in a domain where no playbook existed, you’re energized by that, not unsettled by it. 

● Business enablement security mindset. You measure success by business impact and informed risk taking, not by tickets opened or compliance checklists completed.

● 5+ years of cloud or infrastructure security experience, with deep AWS expertise - you can read a CloudTrail event, write a service control policy, and explain why a particular identity trust policy is dangerous, all in the same conversation.

● Strong skills in at least one of Go, Python, or TypeScript, with the ability to read and write Terraform and shell scripts. You are a builder.

● Hands-on Kubernetes security experience — RBAC, network policies, admission control,workload identity, image and supply-chain security. 

● Experience deploying and operating cloud posture and workload protection tooling (Wiz, Prisma, Orca, Datadog, CrowdStrike Falcon Cloud, Lacework, or equivalent) with a strong opinion on what good looks like.

● Identity first security mindset and demonstrated ability to build identity and access management solutions at scale.

● Humility and genuine curiosity. You're as excited to learn from engineers across product and infrastructure and enable their work as you are to write detections or design guardrails.


Bonus Points

● Experience designing or operating Zero Trust Network Access (Cloudflare Access, Tailscale, Twingate, Google BeyondCorp, etc.).

● Detection engineering background with a threat modeling and adversarial mindset - writing detections that actually fire on real attacker behavior without burying the team in noise.

● Experience securing AI and machine learning pipelines, agent frameworks, or MCP-style integrations that touch production data.

● Familiarity with SOC 2, SOX, or other compliance frameworks in cloud environments and an instinct for when compliance work creates real security value.

● Open source contributions to cloud security tooling (Cartography, Prowler, ScoutSuite, Falco, Kyverno, Open Policy Agent, Checkov, etc.).


Location

This role is based in our downtown Toronto office, in-person four days per week (Monday, Tuesday, Thursday, Friday). Candidates must be based within commuting distance of the office.


Similar Jobs at Opendoor

13 Hours Ago
Hybrid
Senior level
Senior level
eCommerce • Fintech • Real Estate • Software • PropTech
The role involves building AI-powered analytics tools, proactive intelligence systems, and automating decision processes based on data-driven insights to drive business impact at Opendoor.
Top Skills: AirflowBigQueryDbtPythonSnowflakeSQL
13 Hours Ago
Hybrid
Mid level
Mid level
eCommerce • Fintech • Real Estate • Software • PropTech
The Corp Dev Associate will identify and structure strategic partnerships, evaluate opportunities, build financial models, lead due diligence, and develop executive materials while managing relationships with partners.
Top Skills: Financial Modeling
13 Hours Ago
Hybrid
Senior level
Senior level
eCommerce • Fintech • Real Estate • Software • PropTech
The Payroll and Equity Specialist will process payroll, resolve discrepancies, manage equity workflows, ensure compliance, and provide excellent employee support.
Top Skills: E*TradeGoogle SuiteMS Office

What you need to know about the Calgary Tech Scene

Employees can spend up to one-third of their life at work, so choosing the right company is crucial, not just for the job itself but for the company culture as well. While startups often offer dynamic culture and growth opportunities, large corporations provide benefits like career development and networking, especially appealing to recent graduates. Fortunately, Calgary stands out as a hub for both, recognized as one of Startup Genome's Top 100 Emerging Ecosystems, while also playing host to a number of multinational enterprises. In Calgary, job seekers can find a wide range of opportunities.

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account