Security Engineer, Threat Intelligence

OpenAI

📍 Remote - United States

Summary

Join OpenAI's Threat Intelligence team as a Technical Threat Investigator to defend the company against a wide range of threats, from nation-state actors to those misusing its models. You will conduct in-depth investigations, track sophisticated threat actors, create actionable intelligence reports, and collaborate with various security teams. This remote role requires close collaboration with teams in the US and UK, with regular in-person visits to the San Francisco headquarters expected. Relocation assistance to San Francisco is offered. Your work will directly influence OpenAI's security strategy and the future of threat intelligence teams. The role involves building tools and automations to scale investigation capabilities.

Requirements

  • Significant experience tracking and investigating sophisticated adversaries (e.g., APTs, cybercrime groups)
  • Strong scripting ability (e.g., Python, Bash) to accelerate investigations
  • Familiarity with hardware-level threats and infrastructure-focused attack surfaces (e.g., firmware, BMCs, supply chain risks)
  • Practical experience with SIEMs, telemetry pipelines, and threat enrichment platforms
  • Familiarity with modern adversary tactics, techniques, and procedures across infrastructure, cloud, and endpoint environments
  • Ability to independently drive investigations from low-fidelity leads to finished intelligence products
  • Strong written and verbal communication skills, especially translating technical investigations into actionable intelligence for diverse stakeholders
  • Comfortable navigating ambiguity and driving forward independently in high-pressure or uncertain situations

Responsibilities

  • Track, disrupt, analyze, and deeply understand sophisticated adversaries targeting OpenAI
  • Conduct investigations using security telemetry, internal safety systems, and a variety of enrichment sources
  • Build lightweight tooling, automations, agentic workflows, and leverage our models to scale investigation capabilities for the company
  • Produce high-quality, actionable threat intelligence reports for internal stakeholders
  • Collaborate closely with Detection & Response, Infrastructure Security, Insider Risk, and other investigative teams
  • Evolve threat models and investigative approaches across software, infrastructure, and hardware layers as adversaries adapt and innovate
  • Identify gaps in telemetry or tooling and propose scalable improvements

Benefits

Relocation assistance is available for candidates who wish to relocate to SF
