Systems Software Engineer, Security, First Party Hardware
Security Engineer owning end-to-end hardware, firmware, and system security for OpenAI's first-party AI accelerators and servers. Requires 7+ years in hardware/embedded security and strong systems programming skills.
266k – 445k/yr
Hybrid7+ YOESecurity Engineering
About the role
Responsibilities
Own security requirements, threat models, validation strategy, and launch-readiness evidence for first-party hardware platforms from early design through production deployment.
Design and review secure boot, measured boot, roots of trust, platform firmware resilience, firmware signing, recovery, and anti-rollback strategies across heterogeneous devices.
Own device identity, provisioning, enrollment, attestation, certificate lifecycle, and key-management requirements across manufacturing and data center bring-up.
Harden management interfaces and operational access paths across BMCs, hosts, accelerators, switches, and service tooling, including TLS/mTLS, Redfish, gNMI, SSH, syslog, and break-glass workflows.
Drive security requirements for manufacturing, supply chain, firmware/image signing, storage encryption, RMA, repair, and decommissioning processes.
Build and drive validation for security-critical hardware and firmware behavior, including debug lockout, lifecycle transitions, update paths, attestation evidence, and recovery flows.
Partner with vendors and contract manufacturers to turn security requirements into concrete deliverables, test evidence, and launch gates.
Drive end-to-end closure across design, implementation, manufacturing readiness, deployment readiness, fleet operations, and incident response when security issues arise.
Investigate hardware and firmware security issues, assess exploitability and operational risk, and drive durable fixes with engineering owners.
Requirements
7+ years of hands-on experience, or exceptional accomplishments demonstrating equivalent expertise, in hardware security, embedded security, firmware security, platform security, or low-level systems security.
Experience shipping or securing real hardware platforms, embedded devices, servers, accelerators, networking systems, BMCs, bootloaders, BIOS/UEFI, RTOS, kernels, or firmware update systems.
Deep familiarity with secure boot, measured boot, TPMs, hardware roots of trust, device attestation, key provisioning, debug interfaces, firmware signing, recovery, or lifecycle-state design.
Strong applied-cryptography judgment for secure boot, attestation, TLS/mTLS, key storage, certificate lifecycle, storage encryption, and long-range transitions such as post-quantum readiness.
Ability to read and write systems code in C, C++, or Rust and to use that skill to review, prototype, test, or debug security-critical behavior.
Comfort with hardware-software interfaces such as SPI, I2C, SMBus, PCIe, UART, JTAG, SWD, GPIOs, TPMs, and board-level debug tools.
Proven track record driving security improvements with hardware, firmware, infrastructure, manufacturing, operations, and partner teams.
Experience owning broad, ambiguous security programs end to end, including translating risk into technical requirements, validation plans, and accountable engineering decisions.
Clear written and verbal communication, with the ability to turn ambiguous security risks into actionable requirements, design reviews, tests, and decisions.
Security Engineer responsible for securing AI agent execution, infrastructure, and product surfaces at an applied AI lab building Devin and Windsurf. Requires deep security engineering, software engineering fundamentals, and cloud/web security expertise.
260k – 300k/yr
On-site7+ YOESecurity Engineering
Offensive Security Engineer, Agent Security
OpenAISan Francisco, CA +3
Principal-level Offensive Security Engineer conducts red/purple team operations and penetration testing on AI agent products like Codex and Operator, hunting vulnerabilities in app-infra-model interactions and collaborating with defensive teams to strengthen security.
278k – 490k/yr
Remote7+ YOESecurity Engineering
Security Lead, Deployment & Ops
FluidstackNew York, NY +2
Own physical security end-to-end for greenfield hyperscale data center builds from groundbreaking through steady-state operations, managing guard forces, security systems deployment, and critical asset protection. Requires 10+ years data center security experience and deep ESS knowledge.
280k – 300k/yr
On-site10+ YOESecurity Engineering
IAM Architect
The Voleon GroupBerkeley, CA +1
Designs and implements identity and access management strategy for hybrid infrastructure including Linux, Kubernetes, Windows, AWS, and Azure. Leads IAM roadmap, privileged access management, zero-trust extensions, and builds/scales IAM team. Requires 8+ years experience with authentication protocols and cloud IAM platforms.
280k – 310k/yr
Remote8+ YOESecurity Engineering
Product Security Architect
ReplitFoster City, CA
Defines and implements secure architecture for multi-tenant SaaS platform, leads threat modeling, mentors engineering teams on security best practices, and conducts code reviews. Requires 8+ years in product security with expertise in auth protocols and SaaS security.