RealRE

Whitehat Security Specialist - US

The Real Brokerage Inc. is at the forefront of transforming the way real estate transactions are conducted.

Real

Employee count: 201-500

Salary: 210k-225k USD

United States only

Real is a fast-growing national real estate brokerage powered by technology. Real is currently operating in all U.S. states, Canada, and the District of Columbia. Founded in 2014, Real is a trailblazer in the Residential Real Estate industry, as we lead the disruption with our cutting-edge technology platform. We are on a mission to revolutionize the home-buying and selling process, making agents' lives better while creating lucrative financial opportunities for them.

For more information, visit https://www.onereal.com/

Location: US - Remote.

Work Schedule: MUST be willing to work Eastern (EST) time zone hours, regardless of location.

Job Summary:

​​We are seeking a skilled and proactive Whitehat Security Specialist to join our growing R&D team at Real. As a Whitehat Security Specialist, you will be responsible for identifying, assessing, and mitigating security vulnerabilities across our company's infrastructure, applications, and systems. You will play a critical role in safeguarding our organization's data, networks, and technology assets by performing penetration testing, vulnerability assessments, and security audits. Your expertise will help us proactively identify weaknesses and develop strategies to defend against malicious cyber-attacks.

What you’ll do:

  • Perform in-depth penetration testing and vulnerability assessments on web apps, infrastructure, and cloud-native systems to uncover and address security gaps.

  • Lead threat modeling efforts and proactively identify potential attack vectors across our cloud and application stack.

  • Secure cloud-native architectures by working closely with engineering teams to design and implement best-practice security in our AWS environment using Terraform and AWS CDK.

  • Evaluate and improve the security of our AWS networking configuration (VPCs, Security Groups, NACLs, etc.) and IAM policies.

  • Support and collaborate on incident response efforts—investigating security events, coordinating response, and helping strengthen our detection and recovery capabilities.

  • Contribute to security audits, code reviews, and internal tooling that promote robust security throughout our infrastructure and SDLC.

  • Automate vulnerability scanning and security testing pipelines to support a fast-moving CI/CD environment.

  • Collaborate cross-functionally with developers, infrastructure engineers, and product teams to instill security-minded practices and drive secure design decisions.

  • Create clear and actionable documentation around findings, fixes, and internal security guidelines.

  • Support security awareness through internal training, tooling, and guidance to promote a security-first culture.

Who you are:

  • You have 5+ years of hands-on experience in penetration testing, vulnerability assessments, or similar offensive security work.

  • You have deep knowledge of networking fundamentals and common attack vectors—especially in cloud and web environments.

  • You have strong knowledge of cloud-native security—especially in AWS—
    and are confident navigating and securing services like EC2, EKS, IAM, VPC, S3, ALB/NLB.

  • You have experience with observability and monitoring tools like Datadog, particularly for detecting security anomalies, monitoring attack surfaces, and supporting incident response.

  • You are experienced with networking protocols and cloud perimeter security (Security Groups, NACLs, route tables).

  • You are comfortable using IaC tools like Terraform and AWS CDK to implement and secure infrastructure.

  • You’ve built or maintained security automation tools using Python, Bash, or similar scripting languages.

  • You’re familiar with cloud risk assessments and threat modeling methodologies, including frameworks like OWASP, NIST, and CIS Benchmarks.

  • You enjoy keeping up with the latest in offensive and defensive security techniques, and you’re excited to continuously improve security posture across systems.

  • You’re a strong communicator who can clearly explain risk and security decisions to both technical and non-technical teammates.

  • You take initiative, thrive in ambiguity, and enjoy collaborating with others to solve hard, meaningful problems.

Our infrastructure stack:

  • Cloud: AWS

  • IaC: AWS CDK (TypeScript), Terraform

  • Containerization & Orchestration: Microservice architecture deployed via Kubernetes on EKS, using ArgoCD and a GitOps workflow

  • CI/CD: TeamCity

  • Monitoring & Observability: Datadog

  • Messaging & Storage: Kafka (MSK), Postgres (RDS), DynamoDB

Education and Experience:

  • Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related field (or equivalent practical experience).

  • 3+ years of hands-on experience in penetration testing, vulnerability assessments, and ethical hacking.

  • Previous experience working in an information security role, preferably with a focus on application security, network security, or incident response.

  • Experience with security testing on various platforms, including web applications, mobile apps, and cloud environments.

Must-Have: Ability to truly encompass our Company Core Values

  • Work Hard. Be Kind

  • “We” are bigger than “me”

  • Tech x Humanity

Real is proud to be an equal opportunity workplace employer. We are committed to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status.

About the job

Apply before

Posted on

Job type

Full Time

Experience level

Mid-level

Salary

Salary: 210k-225k USD

Location requirements

Hiring timezones

United States +/- 0 hours

About Real

Learn more about Real and their company culture.

View company profile

The Real Brokerage Inc. is at the forefront of transforming the way real estate transactions are conducted. Founded with the vision of integrating technology into real estate, Real operates on an innovative model that enhances the experience of both agents and clients. Utilizing modern technology, Real aims to streamline the entire process of buying and selling homes, making it more efficient and accessible.

Headquartered in New York, Real has established a significant presence across the United States and Canada, focusing on empowering agents through advanced tools and resources. The company is committed to creating value for its agents, fostering a culture of collaboration and shared success, which further enhances client satisfaction and trust in their services.

Claim this profileReal logoRE

Real

View company profile

Similar remote jobs

Here are other jobs you might want to apply for.

View all remote jobs

45 remote jobs at Real

Explore the variety of open remote roles at Real, offering flexible work options across multiple disciplines and skill levels.

View all jobs at Real

Remote companies like Real

Find your next opportunity by exploring profiles of companies that are similar to Real. Compare culture, benefits, and job openings on Himalayas.

View all companies

Find your dream job

Sign up now and join over 85,000 remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan