Windows Security Engineer

Summary

Join OpenAI's Enterprise Security team as a Windows Security Engineer and play a crucial role in securing our Windows infrastructure. You will lead the strategy and implementation of our Windows security stack across various environments, collaborating with internal teams and product teams. This role involves threat modeling, implementing strong security controls, ensuring telemetry health, and improving employee experience. The position is fully remote or based in San Francisco, with relocation assistance offered. You will be responsible for securing OpenAI against threats to our enterprise environment by working with the greater Security Organization.

Requirements

• 5+ years experience and expert knowledge with Windows internals, configuration management, security hardening, and advanced security features
• Expert-level security experience in protecting and managing Microsoft Active Directory and Azure Active Directory, including Conditional Access Policies
• Hands-on experience with large-scale Windows fleet administration including device provisioning, management, and maintenance
• Credential protection methods (Credential Guard, LSASS isolation, virtualization-based security)
• Proficiency with deploying and managing endpoint baselines, security solutions (e.g. management frameworks, EDR tools), and event log collection (e.g., Windows Event Forwarding or similar)
• Experience managing configuration as code
• Proficiency with Powershell and scripting languages (e.g. Bash, Python, or similar)

Responsibilities

• Lead the strategy and implementation of the security stack for Windows across our fleet, including developer systems, Azure Virtual Desktops, servers, and specialized employee systems
• Lead threat-modeling initiatives to continuously improve the security of the Windows platform across OpenAI, including cloud-native, hybrid, and on-premises environments
• Closely collaborate with OpenAI’s Windows-facing product teams to ensure security best practices are baked into both developer systems and the software they produce
• Implement the strongest controls available in the Windows ecosystem, including passwordless authentication, attack surface reduction (e.g., application allowlisting), code integrity, and virtualization-based security
• Influence security for our overall authentication and authorization strategy by implementing Azure conditional access policies, Intune policies, and improving the security of native Azure services
• Ensure the continuous health and sufficiency of security telemetry from and alert coverage for our Windows fleet
• Improve employee experience through operating system, process, and performance improvements
• Research adversary tradecraft and implement Windows security detections to protect OpenAI, its users, and its technology

Preferred Qualifications

• Experience with public cloud service providers (Microsoft Azure preferred)
• Deep knowledge of modern adversary tactics, techniques, and procedures, and experience with threat modeling
• The ability to empathize and collaborate with colleagues, independently manage and run projects, and prioritize efforts for risk reduction

Benefits

• This role is either fully remote or based in San Francisco, CA
• We offer relocation assistance to new employees