Enterprise Security Engineer

About Opendoor

At Opendoor our mission is to tilt the world in favor of homeowners and those who aim to become one. Homeownership matters. It's how people build wealth, stability, and community. It's how families put down roots, how neighborhoods strengthen, how the future gets built. We're building the modern system of homeownership giving people the freedom to buy and sell on their own terms. We’ve built an end-to-end online experience that has already helped thousands of people and we’re just getting started.

About the role

At Opendoor our goal is to build the biggest, most trusted housing platform and set a new standard for how people move. We've combined our deep, proprietary data and operational expertise with the power of artificial intelligence to make online home selling and buying radically simple.

Our Security Engineering team builds intelligent systems that protect Opendoor and our customers while enabling unprecedented engineering velocity. We apply software engineering and AI to solve security problems across product, infrastructure, and operations by building guardrails where they matter, not gates where they don't.

Enterprise Security owns the internal side of that mandate: the identity, endpoint, and security systems we use to allow employees to safely do their job. This role builds and operates the systems that make Opendoor a trustworthy company to work at and do business with. You design the safeguards, then run the program day to day. Our philosophy is to make it safe for every employee to move fast, not to slow them down.

What you'll do

• Build and operate the identity system: lifecycle automation (joiner, mover, leaver), access governance and reviews, SSO and SCIM app onboarding, phishing-resistant MFA, and conditional access. Identity is the core control plane for this role.
• Run the enterprise security program. Own system availability, the operating metrics (fleet coverage, MTTR on enterprise vulnerabilities, access-review completion), and the continuous improvement loop.
• Manage and harden the endpoint fleet through centralized device management: baseline configuration, hardening, and patch and compliance enforcement as code.
• Operate endpoint detection and protection. Tune posture, drive down enterprise vulnerability exposure while maintaining engineering speed of execution.
• Build automation and AI agents that eliminate manual enterprise security work: access reviews, onboarding and offboarding, drift detection, and audit evidence collection.
• Partner with the broader detection and response team to deliver high-fidelity endpoint and identity telemetry to monitoring systems and support incident response efforts.
• Establish secure by default standards for SaaS onboarding and enterprise tooling, including the AI tools employees are adopting.

What you'll need

• Deep conviction that AI and automation should eliminate manual work, with a proven track record building agentic systems.
• 5+ years in IT or security engineering roles with an enterprise focus in fast pace technology companies.
• Deep hands-on Okta expertise with direct experience building lifecycle management, SAML/OIDC SSO, SCIM provisioning, and API-driven automation. Not console-only administration.
• Identity-first mindset: phishing-resistant authentication, conditional access, and least privilege applied at scale.
• Endpoint management at scale with Jamf, including macOS hardening and configuration-as-code. Working familiarity with Windows endpoint management.
• EDR operations with CrowdStrike Falcon or an equivalent platform.
• Strong scripting and automation in Python, Go, or TypeScript; comfortable writing infrastructure and configuration-as-code.
• Business-enablement mindset; success measured by impact and informed risk-taking, not ticket volume.
• High autonomy and comfort defining a good path forward where no playbook exists.
• Humility and curiosity; enabling employees and partner teams alongside building guardrails.

Tech stack

• Okta, Jamf, CrowdStrike Falcon, macOS, Windows, Microsoft Intune and Defender, Google Workspace, Slack, Cloudflare, Python, Go, TypeScript, Terraform, GitHub, AI tooling (OpenAI, Anthropic), Datadog.

Location
This role is based in our Miami office, in-person four days per week (Monday, Tuesday, Thursday, Friday). Candidates must be based within commuting distance of the office.

Application Tip: Interested in sharing your technical work? You are welcome to add your GitHub profile or links to projects you’ve built in the 'Websites' section.