# Model Policy, Frontier Cyber Risk

**Company:** [OpenAI](https://hotfix.jobs/companies/openai)
**Location:** San Francisco, CA
**Role:** Security Engineering
**Salary:** $207k – $295k/yr
**Skills:** Offensive Security, Defensive Security, Vulnerability Research, Malware Analysis, Incident Response, Threat Intelligence, Application Security, Exploit Development, Infrastructure Security, Cloud Security, Threat Modeling, Red-Teaming
**Posted:** 2026-05-12

> Develops and maintains AI model policies for high-risk cybersecurity domains, translating threat models into behavioral specifications, evaluations, and mitigations. Collaborates with research, engineering, and safety teams to ensure technically grounded, enforceable safeguards against dual-use risks.

## Job Description

## Responsibilities
- Design and maintain model policies for cybersecurity and frontier-risk domains, especially dual-use and high-risk cyber capabilities.
- Translate cybersecurity threat models into clear behavioral specifications, evaluation criteria, grading guidance, and system-level mitigations.
- Define practical boundaries between legitimate security research, defensive workflows, and assistance that could materially enable harmful activity.
- Build policy artifacts that support implementation across training, evaluation, deployment, monitoring, and escalation systems.
- Partner with safety researchers, engineers, and evaluation teams to operationalize policies into scalable model behavior and measurable safeguards.
- Analyze red-teaming results, deployment data, model failures, over-refusals, and ambiguous edge cases to improve policy and evaluation quality over time.
- Identify emerging cyber capability areas where advanced AI systems could lower barriers to misuse or increase operational capability for malicious actors.
- Contribute to system cards, safety reports, policy documentation, and external communications on OpenAI's approach to cyber risk mitigation.

## Requirements
- Strong technical expertise in cybersecurity, such as **offensive security**, **defensive security**, **vulnerability research**, **malware analysis**, **incident response**, **threat intelligence**, **application security**, **exploit development**, **infrastructure security**, or **cloud security**.
- Strong judgment about how AI systems may affect the cyber threat landscape, including dual-use, autonomous, or agentic system risks.
- Ability to distinguish between legitimate security use cases and assistance that could materially enable harmful cyber activity.
- Experience building or applying **threat models** to complex technical systems, especially in adversarial or high-risk environments.
- Ability to translate technical security expertise into structured policy frameworks, evaluation criteria, operational guidance, and enforcement mechanisms.
- Comfort using empirical evidence, including evaluations, red-teaming results, deployment observations, and model failure modes, to inform policy decisions.
- Strong systems thinking across policy, evaluations, classifiers, training, deployment safeguards, measurement, and monitoring.
- Ability to work cross-functionally with researchers, engineers, product teams, policy experts, and operational stakeholders.
- Strong written communication skills, especially the ability to explain complex technical and security concepts clearly.
- A pragmatic approach to safety: focused on reducing real-world risk while preserving legitimate, beneficial, and defensive uses of AI.

## Similar roles

- [Model Policy Manager](https://hotfix.jobs/jobs/bac0d405-d3ff-4dcd-8863-ec873984db44) - OpenAI - San Francisco, CA - $207k – $295k/yr
- [Security Engineer, Product Security](https://hotfix.jobs/jobs/59b67706-eda1-4a93-9939-df73064e68e5) - Scale AI - New York, NY - $206k – $297k/yr
- [Security Engineer - Vuln Management (Infra)](https://hotfix.jobs/jobs/05cc9fc9-4eb5-4cb5-9acc-a826869df1e0) - Replit - Foster City, CA - $210k – $270k/yr
- [Security Engineer - Vuln Management (Code)](https://hotfix.jobs/jobs/cd80bf4a-c5e4-4ca3-b4b4-bb639880e535) - Replit - Foster City, CA - $210k – $270k/yr
- [Software Engineer - Security](https://hotfix.jobs/jobs/f469195d-2a11-4426-8a73-c0c8b536199d) - Perplexity - San Francisco, CA - $210k – $385k/yr

**Apply:** https://hotfix.jobs/jobs/dab87480-ab22-4c1a-b251-121dd5af1445
**Canonical:** https://hotfix.jobs/jobs/dab87480-ab22-4c1a-b251-121dd5af1445