×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Systems Engineer Cloud Computing

Cloud Security Engineer

Job in Seattle, King County, Washington, 98127, USA
Listing for: Opendoor
Full Time position
Listed on 2026-06-04
Job specializations:
  • IT/Tech
    Systems Engineer, Cloud Computing
Salary/Wage Range or Industry Benchmark: 120000 - 150000 USD Yearly USD 120000.00 150000.00 YEAR
Job Description & How to Apply Below

About Opendoor

At Opendoor our mission is to tilt the world in favor of homeowners and those who aim to become one. Home ownership matters. It's how people build wealth, stability, and community. It's how families put down roots, how neighborhoods strengthen, how the future gets built. We're building the modern system of home ownership giving people the freedom to buy and sell on their own terms.

We’ve built an end-to-end online experience that has already helped thousands of people and we’re just getting started.

About the Role (Hybrid 4 days onsite, 1 remote)

At Opendoor our goal is to build the biggest, most trusted housing platform and set a new standard for how people move. We’ve combined our deep, proprietary data and operational expertise with the power of artificial intelligence to make online home selling and buying radically simple.

Our Security Engineering team is building intelligent systems that protect Opendoor and our customers while enabling unprecedented engineering velocity. We apply software engineering and AI to solve security problems across product, infrastructure, and operations by building guardrails where they matter, not gates where they don't.

As our Cloud Security Engineer, you'll own the security of the infrastructure that runs Opendoor — multi-account AWS, EKS, the IAM and identity plane connecting Okta to every system, and the cloud workloads that handle home acquisition, resale, mortgage, title, and escrow. You'll inherit a recently-completed EKS migration, an in-progress CSPM/CNAPP replacement, and a zero-trust roadmap waiting for a technical owner.

What

You'll Do
  • Own the security architecture of our AWS estate — across multiple accounts, EKS clusters, Terraform-managed infrastructure, and the IAM plane that ties everything together.
  • Manage and optimize our CNAPP and CSPM cloud security tooling, ensuring platforms are effectively integrated into engineering workflows to drive the automated remediation of infrastructure risks.
  • Modernize our secure access strategy by deploying Zero Trust principles—integrating device trust and identity-aware proxies—to provide seamless, least-privileged access to internal infrastructure.
  • Harden our EKS environment — RBAC, admission policies, workload identity, runtime protection, image signing, and base-image strategy on top of our Bottlerocket + Karpenter foundation.
  • Build new agentic detection-and-response workflows using Lambda + AWS-native primitives that close the loop from alert to investigation to remediation.
  • Drive a "Shift-Left" cloud security strategy within our pipelines using Terraform/Terrakube, Git Hub Actions, ECR — so that misconfigurations get caught at PR time, not in a CSPM dashboard a week later.
  • Partner with the Infrastructure team on cloud-native security decisions: VPC architecture, ingress, secrets management (Vault), service identity, and how Okta extends into AWS, Azure, and GCP.
  • Run our cloud detection engineering:
    Guard Duty, Security Hub, Cloud Trail, VPC flow logs — tuned for signal, integrated with Datadog and our incident response playbooks.
  • Support cloud security for our subsidiaries (OS National, Mainstay Title) including Azure + Windows AD environments, with adversarial review of the systems that touch wire fraud risk.
  • Set the bar for what "secure by default" looks like for AI-maximalist engineering — vibe-coded apps, MCP servers, and agent-driven workflows that touch production cloud infrastructure.
  • Mentor engineers across Security, Infra, and Product Eng on cloud security patterns, and turn the patterns you see into automated guardrails so the next team doesn't make the same mistake.
Tech Stack
  • Cloud: AWS, Azure, GCP
  • Containers / Orchestration: EKS, Bottlerocket, Karpenter, Helm, Argo CD
  • IaC:
    Terraform, Terrakube (self-hosted)
  • Identity & Access:
    Okta, Duo, AWS Identity Center, Okta-OIDC for EKS, Platform SSO (macOS), Hashicorp Vault
  • Cloud Security:
    Guard Duty, Security Hub, Cloud Trail, Git Hub Advanced Security; CSPM/CNAPP replacement in flight (Wiz, Datadog Cloud Security, Crowd Strike Falcon Cloud Security under eval)
  • Detection / Observability:
    Datadog (security + observability), Cribl, Cloud Trail, S3 archive
  • La…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search