Security Engineer, Offensive Security

Summary

Join OpenAI's Offensive Security team as a Security Engineer and play a crucial role in strengthening our security posture. This isn't your typical red team job; you'll engage broadly and deeply, crafting innovative attack simulations, collaborating with defensive teams, and influencing strategic security improvements. You will conduct open-scope red and purple team operations, perform penetration testing, leverage automation and OpenAI technologies, and present actionable findings. This role offers the chance to drive vulnerability resolution and shape our security strategy. The position is open to remote employees, or relocation assistance is available to OpenAI offices in San Francisco, Seattle, or New York City.

Requirements

• 7+ years of hands-on red team experience or exceptional accomplishments demonstrating equivalent expertise
• Deep expertise conducting offensive security operations within modern technology companies
• Proven experience performing offensive security assessments in at least one hyperscaler cloud environment (Azure preferred)
• Demonstrated mastery assessing complex technology stacks, including: Highly customized Kubernetes clusters
• Demonstrated mastery assessing complex technology stacks, including: Container environments
• Demonstrated mastery assessing complex technology stacks, including: CI/CD pipelines
• Demonstrated mastery assessing complex technology stacks, including: GitHub security
• Demonstrated mastery assessing complex technology stacks, including: macOS and Linux operating systems
• Demonstrated mastery assessing complex technology stacks, including: Data science tooling and environments
• Demonstrated mastery assessing complex technology stacks, including: Python-based web services
• Demonstrated mastery assessing complex technology stacks, including: React-based frontend applications
• Exceptional skill in code review, identifying novel and subtle vulnerabilities
• Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts
• Excellent coding skills, capable of writing robust tools and automation for offensive operations
• Ability to communicate complex technical concepts effectively through compelling storytelling
• Proven track record of not just finding vulnerabilities but actively contributing to solutions in complex codebases

Responsibilities

• Conduct open-scope red and purple team operations, simulating realistic attack scenarios
• Collaborate proactively with defensive security teams to enhance detection, response, and mitigation capabilities
• Perform comprehensive penetration testing on our diverse suite of products
• Leverage advanced automation and OpenAI technologies to optimize your offensive security work
• Present insightful, actionable findings clearly and compellingly to inspire impactful change
• Influence security strategy by providing attacker-driven insights into risk and threat modeling

Preferred Qualifications

• Active U.S. Government Security Clearance, or eligibility and willingness to obtain one
• Experience testing AI-driven systems
• Background or expertise in AI or data science
• Prior experience working in tech startups or fast-paced technology environments
• Experience in related disciplines such as Software Engineering (SWE), Detection Engineering, Site Reliability Engineering (SRE), Security Engineering, or IT Infrastructure

Benefits

This role is open to remote employees, or relocation assistance is available to one of our OpenAI offices in San Francisco, Seattle, or New York City