Skip to content
OpenAIOpenAISan Francisco, CA

Technical Threat Investigator, Threat Intel Engineering

Conducts deep investigations into sophisticated threat actors misusing AI models and targeting OpenAI, leveraging OSINT, telemetry, and scripting to identify disruptions. Builds scalable tooling and automations to enhance detection and safety, partnering cross-functionally for impact.

234k – 385k
RemoteSecurity Engineering

About the role

Responsibilities

  • Conduct deep, end-to-end investigations into sophisticated threat actors interacting with OpenAI's models, products, and broader ecosystem.
  • Think like an adversary—model attacker behavior, anticipate misuse patterns, and proactively hunt for, identify, and disrupt malicious activity.
  • Leverage internal telemetry, OSINT, vendor data, and in-house safety systems to produce high-confidence findings on adversarial use of our models in cyber operations, platform abuse, and threats targeting OpenAI.
  • Translate investigative findings into concrete improvements across detection, enforcement, intel, and safety pipelines.
  • Build tooling, scripts, automations, and agentic workflows that scale investigative throughput and reduce manual effort.
  • Prototype solutions in ambiguous and emerging problem spaces, including new product surfaces, novel attacker behaviors, and areas where existing coverage may be limited.
  • Partner closely with teams across Security, Safety Systems, Product Policy, and Integrity to operationalize findings and drive meaningful outcomes.
  • Produce clear, high-signal written outputs and recommendations that inform decision-making across technical and executive stakeholders.

Requirements

  • Experience in threat intelligence, incident response, offensive security, or a closely related field.
  • Solid experience investigating sophisticated threat actors, including model misuse, platform abuse, or other adversarial activity in complex environments.
  • Strong understanding of adversary behavior, infrastructure, and tradecraft, and the ability to apply that understanding to proactive investigations.
  • Demonstrated ability to independently drive deep technical investigations from ambiguous signals through to clear, actionable findings.
  • Experience using AI to extend or accelerate investigative workflows.
  • Strong scripting ability and comfort building lightweight automation, investigative tooling, or workflows that improve scale and repeatability.
  • Strong ability to leverage telemetry from diverse systems and vendors to drive investigations, including directly querying, extracting, and stitching together data where needed.
  • Strong written and verbal communication skills, especially the ability to translate technical investigations into high-signal outputs for diverse stakeholders.
  • Comfort operating independently in ambiguous, fast-moving problem spaces with minimal oversight.

Skills

OsintThreat IntelligenceIncident ResponseOffensive SecurityScriptingAutomationTelemetry AnalysisAI WorkflowsAdversary TradecraftInvestigative Tooling
Retool

Application Security Engineer

RetoolSan Francisco, CA

Application Security Engineer identifies systemic security gaps, builds tooling and automation like custom linters and static analysis, conducts code reviews and threat modeling, and drives vulnerability remediation in a TypeScript/Python codebase. Requires 5+ years hands-on AppSec experience and strong engineering depth.

232k – 318k
On-site5+ YOESecurity Engineering
Scale AI

Security Engineer, Detection & Response

Scale AINew York, NY +3

Senior Security Engineer focused on building detection systems, incident response automation, and maturing telemetry pipelines across cloud environments. Requires 5+ years in detection engineering or security operations and production-grade coding skills.

238k – 297k
On-site5+ YOESecurity Engineering
Scale AI

Security Engineer, Infrastructure

Scale AISan Francisco, CA +2

Secures large cloud environments (AWS, Azure, GCP), orchestrates and secures compute/GPU clusters, and reviews infrastructure as code like Terraform. Requires expertise in cloud security, Kubernetes, NodeJS/TypeScript, and IaC tools.

238k – 297k
On-siteSecurity Engineering
OpenAI

Technical Abuse Investigator

OpenAISan Francisco, CA +1

Investigates and disrupts malicious use of OpenAI's AI platform using complex datasets and technical tools. Builds scalable solutions like SQL/Python pipelines to enhance team efficiency; requires 5+ years abuse investigation experience and technical projects.

230k – 425k
Hybrid5+ YOESecurity Engineering
OpenAI

Software Engineer, Scaled Abuse

OpenAISan Francisco, CA

Build and operate backend and data systems for real-time fraud/abuse detection, investigation, and enforcement at OpenAI. Requires 5+ years backend engineering and 2+ years fraud/abuse experience.

230k – 385k
On-site5+ YOESecurity Engineering