# Model Policy, Frontier Cyber Risk **Company:** [OpenAI](https://hotfix.jobs/companies/openai) **Location:** San Francisco, CA **Salary:** $207K-$295K **Skills:** Offensive Security, Defensive Security, Vulnerability Research, Malware Analysis, Incident Response, Threat Intelligence, Application Security, Exploit Development, Infrastructure Security, Cloud Security, Threat Modeling, Red-Teaming **Posted:** 2026-05-12 > Develops and maintains AI model policies for high-risk cybersecurity domains, translating threat models into behavioral specifications, evaluations, and mitigations. Collaborates with research, engineering, and safety teams to ensure technically grounded, enforceable safeguards against dual-use risks. ## Job Description ## Responsibilities - Design and maintain model policies for cybersecurity and frontier-risk domains, especially dual-use and high-risk cyber capabilities. - Translate cybersecurity threat models into clear behavioral specifications, evaluation criteria, grading guidance, and system-level mitigations. - Define practical boundaries between legitimate security research, defensive workflows, and assistance that could materially enable harmful activity. - Build policy artifacts that support implementation across training, evaluation, deployment, monitoring, and escalation systems. - Partner with safety researchers, engineers, and evaluation teams to operationalize policies into scalable model behavior and measurable safeguards. - Analyze red-teaming results, deployment data, model failures, over-refusals, and ambiguous edge cases to improve policy and evaluation quality over time. - Identify emerging cyber capability areas where advanced AI systems could lower barriers to misuse or increase operational capability for malicious actors. - Contribute to system cards, safety reports, policy documentation, and external communications on OpenAI's approach to cyber risk mitigation. ## Requirements - Strong technical expertise in cybersecurity, such as **offensive security**, **defensive security**, **vulnerability research**, **malware analysis**, **incident response**, **threat intelligence**, **application security**, **exploit development**, **infrastructure security**, or **cloud security**. - Strong judgment about how AI systems may affect the cyber threat landscape, including dual-use, autonomous, or agentic system risks. - Ability to distinguish between legitimate security use cases and assistance that could materially enable harmful cyber activity. - Experience building or applying **threat models** to complex technical systems, especially in adversarial or high-risk environments. - Ability to translate technical security expertise into structured policy frameworks, evaluation criteria, operational guidance, and enforcement mechanisms. - Comfort using empirical evidence, including evaluations, red-teaming results, deployment observations, and model failure modes, to inform policy decisions. - Strong systems thinking across policy, evaluations, classifiers, training, deployment safeguards, measurement, and monitoring. - Ability to work cross-functionally with researchers, engineers, product teams, policy experts, and operational stakeholders. - Strong written communication skills, especially the ability to explain complex technical and security concepts clearly. - A pragmatic approach to safety: focused on reducing real-world risk while preserving legitimate, beneficial, and defensive uses of AI. **Apply:** https://hotfix.jobs/jobs/model-policy-frontier-cyber-risk-at-openai-dab87480-ab22-4c1a-b251-121dd5af1445 **Canonical:** https://hotfix.jobs/jobs/model-policy-frontier-cyber-risk-at-openai-dab87480-ab22-4c1a-b251-121dd5af1445