Principal-level Offensive Security Engineer conducts red/purple team operations and penetration testing on AI agent products like Codex and Operator, hunting vulnerabilities in app-infra-model interactions and collaborating with defensive teams to strengthen security.
278k – 490k
Remote7+ YOESecurity Engineering
About the role
Responsibilities
Continuously hunt for vulnerabilities in the interactions between the applications, infrastructure, and models that power our agentic products.
Conduct open-scope red and purple team operations, simulating realistic attack scenarios.
Collaborate proactively with defensive security teams to enhance detection, response, and mitigation capabilities.
Perform comprehensive penetration testing on our diverse suite of products.
Leverage advanced automation and OpenAI technologies to optimize your offensive security work.
Present insightful, actionable findings clearly and compellingly to inspire impactful change.
Influence security strategy by providing attacker-driven insights into risk and threat modeling.
Requirements
7+ years of hands-on red team experience or exceptional accomplishments demonstrating equivalent expertise.
Deep expertise conducting offensive security operations within modern technology companies.
Experience designing, developing, or testing assessing the security of AI-powered systems.
Experience working finding, exploiting and mitigating common vulnerabilities in AI systems like prompt injection, leaking sensitive data, confused deputies, and dynamically generated UI components.
Exceptional skill in code review, identifying novel and subtle vulnerabilities.
Proven experience performing offensive security assessments in at least one hyperscaler cloud environment (Azure preferred).
Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts.
Excellent coding skills, capable of writing robust tools and automation for offensive operations.
Ability to communicate complex technical concepts effectively through compelling storytelling.
Proven track record of not just finding vulnerabilities but actively contributing to solutions in complex codebases.
Nice-to-Haves
Background or expertise in AI or data science.
Prior experience working in tech startups or fast-paced technology environments.
Experience in related disciplines such as Software Engineering (SWE), Detection Engineering, Site Reliability Engineering (SRE), Security Engineering, or IT Infrastructure.
Skills
Red TeamingPurple TeamingPenetration TestingKubernetesPythonReactAzureCI/CDGitHubLinuxmacOSPrompt InjectionCode ReviewAutomationAi Security
Own physical security end-to-end for greenfield hyperscale data center builds from groundbreaking through steady-state operations, managing guard forces, security systems deployment, and critical asset protection. Requires 10+ years data center security experience and deep ESS knowledge.
280k – 300k
On-site10+ YOESecurity Engineering
IAM Architect
The Voleon GroupBerkeley, CA +1
Designs and implements identity and access management strategy for hybrid infrastructure including Linux, Kubernetes, Windows, AWS, and Azure. Leads IAM roadmap, privileged access management, zero-trust extensions, and builds/scales IAM team. Requires 8+ years experience with authentication protocols and cloud IAM platforms.
280k – 310k
Remote8+ YOESecurity Engineering
Secure Manufacturing & Stealth Investigator
OpenAISan Francisco, CA
Lead complex investigations into leaks, insider risks, supply chain compromises, and adversarial activity affecting OpenAI's secure manufacturing, stealth programs, unreleased hardware, and prototypes. Requires 8+ years investigative experience across cyber, physical, and operational domains.
288k – 425k
Hybrid8+ YOESecurity Engineering
Systems Software Engineer, Security, First Party Hardware
OpenAISan Francisco, CA
Security Engineer owning end-to-end hardware, firmware, and system security for OpenAI's first-party AI accelerators and servers. Requires 7+ years in hardware/embedded security and strong systems programming skills.
266k – 445k
Hybrid7+ YOESecurity Engineering
Security Preparedness Lead, Coding Agents
OpenAISan Francisco, CA
Lead security efforts to protect OpenAI's internal AI coding agents from advanced cyber threats including APTs and insider risks. Requires strong hands-on technical skills in threat modeling, prototyping defenses, and coordinating cross-team security initiatives.