Skip to content
OpenAIOpenAISan Francisco, CA

Offensive Security Engineer, Agent Security

Principal-level Offensive Security Engineer conducts red/purple team operations and penetration testing on AI agent products like Codex and Operator, hunting vulnerabilities in app-infra-model interactions and collaborating with defensive teams to strengthen security.

278k – 490k
Remote7+ YOESecurity Engineering

About the role

Responsibilities

  • Continuously hunt for vulnerabilities in the interactions between the applications, infrastructure, and models that power our agentic products.
  • Conduct open-scope red and purple team operations, simulating realistic attack scenarios.
  • Collaborate proactively with defensive security teams to enhance detection, response, and mitigation capabilities.
  • Perform comprehensive penetration testing on our diverse suite of products.
  • Leverage advanced automation and OpenAI technologies to optimize your offensive security work.
  • Present insightful, actionable findings clearly and compellingly to inspire impactful change.
  • Influence security strategy by providing attacker-driven insights into risk and threat modeling.

Requirements

  • 7+ years of hands-on red team experience or exceptional accomplishments demonstrating equivalent expertise.
  • Deep expertise conducting offensive security operations within modern technology companies.
  • Experience designing, developing, or testing assessing the security of AI-powered systems.
  • Experience working finding, exploiting and mitigating common vulnerabilities in AI systems like prompt injection, leaking sensitive data, confused deputies, and dynamically generated UI components.
  • Exceptional skill in code review, identifying novel and subtle vulnerabilities.
  • Proven experience performing offensive security assessments in at least one hyperscaler cloud environment (Azure preferred).
  • Demonstrated mastery assessing complex technology stacks, including:
    • Highly customized Kubernetes clusters
    • Container environments
    • CI/CD pipelines
    • GitHub security
    • macOS and Linux operating systems
    • Data science tooling and environments
    • Python-based web services
    • React-based frontend applications
  • Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts.
  • Excellent coding skills, capable of writing robust tools and automation for offensive operations.
  • Ability to communicate complex technical concepts effectively through compelling storytelling.
  • Proven track record of not just finding vulnerabilities but actively contributing to solutions in complex codebases.

Nice-to-Haves

  • Background or expertise in AI or data science.
  • Prior experience working in tech startups or fast-paced technology environments.
  • Experience in related disciplines such as Software Engineering (SWE), Detection Engineering, Site Reliability Engineering (SRE), Security Engineering, or IT Infrastructure.

Skills

Red TeamingPurple TeamingPenetration TestingKubernetesPythonReactAzureCI/CDGitHubLinuxmacOSPrompt InjectionCode ReviewAutomationAi Security
Fluidstack

Security Lead, Deployment & Ops

FluidstackNew York, NY +2

Own physical security end-to-end for greenfield hyperscale data center builds from groundbreaking through steady-state operations, managing guard forces, security systems deployment, and critical asset protection. Requires 10+ years data center security experience and deep ESS knowledge.

280k – 300k
On-site10+ YOESecurity Engineering
The Voleon Group

IAM Architect

The Voleon GroupBerkeley, CA +1

Designs and implements identity and access management strategy for hybrid infrastructure including Linux, Kubernetes, Windows, AWS, and Azure. Leads IAM roadmap, privileged access management, zero-trust extensions, and builds/scales IAM team. Requires 8+ years experience with authentication protocols and cloud IAM platforms.

280k – 310k
Remote8+ YOESecurity Engineering
OpenAI

Secure Manufacturing & Stealth Investigator

OpenAISan Francisco, CA

Lead complex investigations into leaks, insider risks, supply chain compromises, and adversarial activity affecting OpenAI's secure manufacturing, stealth programs, unreleased hardware, and prototypes. Requires 8+ years investigative experience across cyber, physical, and operational domains.

288k – 425k
Hybrid8+ YOESecurity Engineering
OpenAI

Systems Software Engineer, Security, First Party Hardware

OpenAISan Francisco, CA

Security Engineer owning end-to-end hardware, firmware, and system security for OpenAI's first-party AI accelerators and servers. Requires 7+ years in hardware/embedded security and strong systems programming skills.

266k – 445k
Hybrid7+ YOESecurity Engineering
OpenAI

Security Preparedness Lead, Coding Agents

OpenAISan Francisco, CA

Lead security efforts to protect OpenAI's internal AI coding agents from advanced cyber threats including APTs and insider risks. Requires strong hands-on technical skills in threat modeling, prototyping defenses, and coordinating cross-team security initiatives.

293k – 405k
HybridSecurity Engineering