Skip to content
OpenAIOpenAISan Francisco, CA

Security Engineer, Host Assurance

Builds and operates Host Assurance platform to establish trust in bare-metal hosts for OpenAI's global infrastructure. Requires strong software engineering, deep expertise in PKI/HSM/cryptography/secure boot/host attestation, and ability to work across hardware-software boundaries at scale.

293k – 385k/yr
HybridSecurity Engineering

About the role

Responsibilities

  • Design, build, and operate components of the Host Assurance platform that establish trust in bare-metal hosts before they are eligible for production use.
  • Help ensure hosts are verifiably trustworthy from delivery and installation through secure bootstrap and readiness to join orchestration systems.
  • Build and improve systems such as machine identity, certificate issuance and enrollment, HSM-backed or key-management-backed trust services, host attestation, measurement, and baseline verification tooling.
  • Validate delivered hardware and firmware against vendor claims and continuously detect and manage drift over time.
  • Eliminate insecure bootstrap patterns while preserving deployment throughput and operational reliability. Partner with provisioning, fleet, and orchestration teams to deliver paved paths where the secure approach is the easiest approach.
  • Contribute code, reviews, operational improvements, and design guidance for foundational trust services that must be dependable at scale.
  • Help define observable, testable security properties for host platforms and improve the telemetry and validation needed to enforce them in practice.
  • Participate in incident response, debugging, and post-incident improvements for security-critical infrastructure.
  • Work across different deployment models and provider boundaries while maintaining a consistent bar for host trust outcomes.

Requirements

  • Strong software engineering experience building and operating reliable production systems at scale.
  • Deep expertise in at least one relevant domain such as PKI, HSMs, machine identity, applied cryptography, secure boot, firmware or hardware security, host attestation, or low-level platform security.
  • Comfortable working across systems boundaries, from services and APIs down to host, boot, firmware, or hardware-adjacent trust mechanisms.
  • Can write production quality code and reason clearly about failure modes, operational safety, and long-term maintainability.
  • Experience replacing fragile or manual security mechanisms with durable, paved-path infrastructure.
  • Balance rigor with pragmatism, and care about making strong security controls deployable in real-world environments.
  • Self-directed, low ego, and willing to work across disciplines to solve the most important problems.
  • Enjoy building in ambiguous spaces where the architecture is still emerging, stakes are at all time high, and the future is being built.

Skills

PkiHsmApplied CryptographySecure BootHost AttestationFirmware SecurityHardware SecurityMachine IdentityCertificate ManagementKey Management
OpenAI

Security Engineer, Detection and Response

OpenAISan Francisco, CA

Builds and operates detection and response systems to protect OpenAI's sensitive assets across endpoints, cloud, Kubernetes, and datacenter infrastructure. Requires hands-on threat detection, incident response experience, and expertise in modern cloud platforms and automation.

293k – 385k/yr
On-siteSecurity Engineering
OpenAI

Security Engineer, Agent Security

OpenAISan Francisco, CA

Designs and implements security frameworks, policies, and controls for agentic AI systems, including threat modeling, isolation techniques, and safety monitoring. Requires strong systems programming, cloud security expertise, and cross-functional collaboration in a fast-paced environment.

293k – 385k/yr
HybridSecurity Engineering
OpenAI

Researcher, Automated Red Teaming

OpenAISan Francisco, CA +1

Leads automated red teaming efforts to discover failure modes in frontier AI models, focusing on cyber, bio, and loss-of-control risks. Builds scalable systems and partners across teams to implement mitigations reducing catastrophic harm.

295k – 445k/yr
On-siteSecurity Engineering
Anthropic

Security Engineer, Detection & Response

AnthropicSan Francisco, CA +3

Lead detection and response engineering efforts, building tooling and processes to monitor threats, investigate incidents, and coordinate responses across Anthropic's technology stack. Requires 5+ years in detection engineering, incident response, or threat hunting.

300k – 405k/yr
Hybrid5+ YOESecurity Engineering
Anthropic

Threat Collections Engineer

AnthropicSan Francisco, CA +1

Builds threat detection infrastructure, data pipelines, and tooling for threat intelligence team. Requires strong Python/SQL skills, experience with orchestration tools, YARA rules, and external API integrations.

300k – 320k/yr
HybridSecurity Engineering