Designs and implements identity and access management strategy for hybrid infrastructure including Linux, Kubernetes, Windows, AWS, and Azure. Leads IAM roadmap, privileged access management, zero-trust extensions, and builds/scales IAM team. Requires 8+ years experience with authentication protocols and cloud IAM platforms.
280k – 310k
Remote8+ YOESecurity Engineering
About the role
Responsibilities
Design and implement IAM strategy across hybrid infrastructure - Linux, Kubernetes, Windows, AWS, Azure, and cloud identity providers
Architect identity solutions that bridge POSIX-based authentication with modern cloud platforms (OIDC, SAML, federation), migrating from legacy models
Implement privileged access management - just-in-time access, least privilege, periodic reviews, and accountability for shared service accounts
Extend zero-trust capabilities beyond current SASE remote access to broader infrastructure
Partner cross-functionally with Security Engineering, Infrastructure, DevOps, and Corp IT to integrate identity controls without disrupting production
Define the IAM roadmap — prioritize high-risk areas, translate business requirements into technical solutions, and establish credibility with senior engineering and research leaders
Build the IAM team - hire, mentor, and lead IAM engineers as the program scales
Requirements
8+ years of experience in identity and access management, security engineering, or infrastructure engineering with focus on authentication/authorization
Deep expertise in hybrid identity architectures bridging on-premise (LDAP, FreeIPA, Active Directory) and cloud identity platforms (AWS IAM, Azure AD/Entra, Google Workspace)
Strong understanding of modern authentication protocols: OIDC, SAML, OAuth2, LDAP, Kerberos
Hands-on experience implementing identity solutions in Linux-heavy environments with POSIX requirements
Experience with cloud IAM platforms (AWS IAM / Identity Center, Azure AD, GCP IAM) including roles, policies, federation, and service accounts
Knowledge of privileged access management (PAM) tools and patterns (CyberArk, HashiCorp Vault, AWS Secrets Manager, or similar)
Understanding of zero-trust architecture principles and implementation patterns
Demonstrated ability to balance security requirements with operational workflows and production stability
Proven track record working with senior technical leaders and building organizational trust
Strong communication skills to explain complex identity concepts to both technical and non-technical stakeholders
Experience or strong interest in building and leading technical teams
Preferred Qualifications
Experience with Kubernetes service account management and pod identity patterns
Familiarity with infrastructure-as-code (Terraform, Ansible) for identity provisioning
Experience implementing SCIM for automated user lifecycle management
Background in financial services, hedge funds, or high-security research environments
Experience with compliance frameworks (SOC 2, ISO 27001) as they relate to identity
Certifications such as CISSP, CCSP, or vendor-specific identity certifications
Bachelor's or Master's degree in Computer Science, Information Security, or related field
Own physical security end-to-end for greenfield hyperscale data center builds from groundbreaking through steady-state operations, managing guard forces, security systems deployment, and critical asset protection. Requires 10+ years data center security experience and deep ESS knowledge.
280k – 300k
On-site10+ YOESecurity Engineering
Offensive Security Engineer, Agent Security
OpenAISan Francisco, CA +3
Principal-level Offensive Security Engineer conducts red/purple team operations and penetration testing on AI agent products like Codex and Operator, hunting vulnerabilities in app-infra-model interactions and collaborating with defensive teams to strengthen security.
278k – 490k
Remote7+ YOESecurity Engineering
Secure Manufacturing & Stealth Investigator
OpenAISan Francisco, CA
Lead complex investigations into leaks, insider risks, supply chain compromises, and adversarial activity affecting OpenAI's secure manufacturing, stealth programs, unreleased hardware, and prototypes. Requires 8+ years investigative experience across cyber, physical, and operational domains.
288k – 425k
Hybrid8+ YOESecurity Engineering
Security Preparedness Lead, Coding Agents
OpenAISan Francisco, CA
Lead security efforts to protect OpenAI's internal AI coding agents from advanced cyber threats including APTs and insider risks. Requires strong hands-on technical skills in threat modeling, prototyping defenses, and coordinating cross-team security initiatives.
293k – 405k
HybridSecurity Engineering
Systems Software Engineer, Security, First Party Hardware
OpenAISan Francisco, CA
Security Engineer owning end-to-end hardware, firmware, and system security for OpenAI's first-party AI accelerators and servers. Requires 7+ years in hardware/embedded security and strong systems programming skills.