Develops and maintains AI model policies for high-risk cybersecurity domains, translating threat models into behavioral specifications, evaluations, and mitigations. Collaborates with research, engineering, and safety teams to ensure technically grounded, enforceable safeguards against dual-use risks.
207k – 295k/yr
HybridSecurity Engineering
About the role
Responsibilities
Design and maintain model policies for cybersecurity and frontier-risk domains, especially dual-use and high-risk cyber capabilities.
Translate cybersecurity threat models into clear behavioral specifications, evaluation criteria, grading guidance, and system-level mitigations.
Define practical boundaries between legitimate security research, defensive workflows, and assistance that could materially enable harmful activity.
Build policy artifacts that support implementation across training, evaluation, deployment, monitoring, and escalation systems.
Partner with safety researchers, engineers, and evaluation teams to operationalize policies into scalable model behavior and measurable safeguards.
Analyze red-teaming results, deployment data, model failures, over-refusals, and ambiguous edge cases to improve policy and evaluation quality over time.
Identify emerging cyber capability areas where advanced AI systems could lower barriers to misuse or increase operational capability for malicious actors.
Contribute to system cards, safety reports, policy documentation, and external communications on OpenAI's approach to cyber risk mitigation.
Requirements
Strong technical expertise in cybersecurity, such as offensive security, defensive security, vulnerability research, malware analysis, incident response, threat intelligence, application security, exploit development, infrastructure security, or cloud security.
Strong judgment about how AI systems may affect the cyber threat landscape, including dual-use, autonomous, or agentic system risks.
Ability to distinguish between legitimate security use cases and assistance that could materially enable harmful cyber activity.
Experience building or applying threat models to complex technical systems, especially in adversarial or high-risk environments.
Ability to translate technical security expertise into structured policy frameworks, evaluation criteria, operational guidance, and enforcement mechanisms.
Comfort using empirical evidence, including evaluations, red-teaming results, deployment observations, and model failure modes, to inform policy decisions.
Strong systems thinking across policy, evaluations, classifiers, training, deployment safeguards, measurement, and monitoring.
Ability to work cross-functionally with researchers, engineers, product teams, policy experts, and operational stakeholders.
Strong written communication skills, especially the ability to explain complex technical and security concepts clearly.
A pragmatic approach to safety: focused on reducing real-world risk while preserving legitimate, beneficial, and defensive uses of AI.
Defines and maintains policies for AI model behavior in high-risk domains like agentic systems and user safety. Collaborates with research, engineering, and product teams to operationalize policies into measurable safeguards using empirical data and red-teaming.
207k – 295k/yr
HybridSecurity Engineering
Security Engineer, Product Security
Scale AINew York, NY +2
Security Engineer conducts code reviews, implements secure CI/CD pipelines, performs SAST/DAST testing, and secures AWS infrastructure using Terraform. Requires expertise in TypeScript, Python, NodeJS, and product security best practices to mitigate vulnerabilities in AI/ML products.
206k – 297k/yr
On-siteSecurity Engineering
Security Engineer - Vuln Management (Infra)
ReplitFoster City, CA
Mid-level Infrastructure Vulnerability Management Engineer responsible for cloud security posture, IaC scanning, container vulnerability management, and compliance tracking across multi-cloud environments. Requires 5+ years in cloud security/DevSecOps with deep GCP expertise.
210k – 270k/yr
Hybrid5+ YOESecurity Engineering
Security Engineer - Vuln Management (Code)
ReplitFoster City, CA
Mid-level AppSec Vulnerability Management Engineer who identifies application vulnerabilities, manages SBOM and supply chain security, and drives compliance tracking for SOC 2, ISO 27001, and PCI-DSS. Requires 5+ years in AppSec/DevSecOps with strong coding skills in JS/TS, Python, and Go.
210k – 270k/yr
Hybrid5+ YOESecurity Engineering
Software Engineer - Security
PerplexitySan Francisco, CA
Builds security tools, automations, and AI agents to enhance detection, response, vulnerability management, and overall security posture. Requires 4+ years experience in software engineering with security focus, proficiency in Python/Go/TypeScript, and familiarity with SIEM/EDR/cloud systems.