# Systems Software Engineer, Security, First Party Hardware

**Company:** [OpenAI](https://hotfix.jobs/companies/openai)
**Location:** San Francisco, CA
**Role:** Security Engineering
**Salary:** $266k – $445k/yr
**Experience:** 7+ years
**Skills:** C, C++, Rust, Secure Boot, Measured Boot, Tpm, Hardware Root Of Trust, Device Attestation, Firmware Signing, Tls/Mtls, Key Management, Certificate Lifecycle, Storage Encryption, Bmc, Bios/Uefi
**Posted:** 2026-06-08

> Security Engineer owning end-to-end hardware, firmware, and system security for OpenAI's first-party AI accelerators and servers. Requires 7+ years in hardware/embedded security and strong systems programming skills.

## Job Description

## Responsibilities
- Own security requirements, threat models, validation strategy, and launch-readiness evidence for first-party hardware platforms from early design through production deployment.
- Design and review secure boot, measured boot, roots of trust, platform firmware resilience, firmware signing, recovery, and anti-rollback strategies across heterogeneous devices.
- Own device identity, provisioning, enrollment, attestation, certificate lifecycle, and key-management requirements across manufacturing and data center bring-up.
- Harden management interfaces and operational access paths across BMCs, hosts, accelerators, switches, and service tooling, including TLS/mTLS, Redfish, gNMI, SSH, syslog, and break-glass workflows.
- Drive security requirements for manufacturing, supply chain, firmware/image signing, storage encryption, RMA, repair, and decommissioning processes.
- Build and drive validation for security-critical hardware and firmware behavior, including debug lockout, lifecycle transitions, update paths, attestation evidence, and recovery flows.
- Partner with vendors and contract manufacturers to turn security requirements into concrete deliverables, test evidence, and launch gates.
- Drive end-to-end closure across design, implementation, manufacturing readiness, deployment readiness, fleet operations, and incident response when security issues arise.
- Investigate hardware and firmware security issues, assess exploitability and operational risk, and drive durable fixes with engineering owners.

## Requirements
- 7+ years of hands-on experience, or exceptional accomplishments demonstrating equivalent expertise, in hardware security, embedded security, firmware security, platform security, or low-level systems security.
- Experience shipping or securing real hardware platforms, embedded devices, servers, accelerators, networking systems, BMCs, bootloaders, BIOS/UEFI, RTOS, kernels, or firmware update systems.
- Deep familiarity with secure boot, measured boot, TPMs, hardware roots of trust, device attestation, key provisioning, debug interfaces, firmware signing, recovery, or lifecycle-state design.
- Strong applied-cryptography judgment for secure boot, attestation, TLS/mTLS, key storage, certificate lifecycle, storage encryption, and long-range transitions such as post-quantum readiness.
- Ability to read and write systems code in C, C++, or Rust and to use that skill to review, prototype, test, or debug security-critical behavior.
- Comfort with hardware-software interfaces such as SPI, I2C, SMBus, PCIe, UART, JTAG, SWD, GPIOs, TPMs, and board-level debug tools.
- Proven track record driving security improvements with hardware, firmware, infrastructure, manufacturing, operations, and partner teams.
- Experience owning broad, ambiguous security programs end to end, including translating risk into technical requirements, validation plans, and accountable engineering decisions.
- Clear written and verbal communication, with the ability to turn ambiguous security risks into actionable requirements, design reviews, tests, and decisions.

## Similar roles

- [Security Engineer](https://hotfix.jobs/jobs/8152ef3a-1ca1-4080-b871-79761cccbf27) - Cognition - San Francisco, CA - $260k – $300k/yr
- [Offensive Security Engineer, Agent Security](https://hotfix.jobs/jobs/fbc78d2b-399e-4d4d-b8b0-5da69ed501fe) - OpenAI - Remote - $278k – $490k/yr
- [Security Lead, Deployment & Ops](https://hotfix.jobs/jobs/99f06473-45a1-40e6-b95d-02ef06d04d0f) - Fluidstack - New York, NY - $280k – $300k/yr
- [IAM Architect](https://hotfix.jobs/jobs/c8c90a56-2a9c-42be-942d-6faf5f5e7046) - The Voleon Group - Remote - $280k – $310k/yr
- [Product Security Architect](https://hotfix.jobs/jobs/fc2c8fc8-cafc-4107-abb9-294585a9ee20) - Replit - Foster City, CA - $250k – $380k/yr

**Apply:** https://hotfix.jobs/jobs/5aa1f4d4-0fc1-457f-b101-6b328345a43a
**Canonical:** https://hotfix.jobs/jobs/5aa1f4d4-0fc1-457f-b101-6b328345a43a