Model Policy, Frontier Cyber Risk

at OpenAI

📍 San Francisco, United States

USD 207,000-295,000 per year

MIDDLE

✅ Hybrid

✅ Relocation

Used Tools & Technologies

Not specified

Required Skills & Competences
Tag name is followed by "@" symbol and proficiency level value. About proficiency levels:

1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;

3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;

7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;

10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.

Security @ 3 Communication @ 6 AI @ 3

Details

OpenAI's Safety Systems team develops policy, evaluations, and operational guidance to align model behavior with human values and norms. The Model Policy, Frontier Cyber Risk role focuses on defining how models should behave in high-risk cybersecurity contexts by developing policy frameworks, threat models, taxonomies, evaluations, and behavioral specifications that guide model behavior across training, deployment, and monitoring systems. This role sits at the intersection of cybersecurity, AI safety, threat modeling, evaluation science, and policy implementation.

Responsibilities

Design and maintain model policies for cybersecurity and frontier-risk domains, especially dual-use and high-risk cyber capabilities.
Translate cybersecurity threat models into clear behavioral specifications, evaluation criteria, grading guidance, and system-level mitigations.
Define practical boundaries between legitimate security research, defensive workflows, and assistance that could materially enable harmful activity.
Build policy artifacts that support implementation across training, evaluation, deployment, monitoring, and escalation systems.
Partner with safety researchers, engineers, and evaluation teams to operationalize policies into scalable model behavior and measurable safeguards.
Analyze red-teaming results, deployment data, model failures, over-refusals, and ambiguous edge cases to improve policy and evaluation quality over time.
Identify emerging cyber capability areas where advanced AI systems could lower barriers to misuse or increase operational capability for malicious actors.
Contribute to system cards, safety reports, policy documentation, and external communications on OpenAI’s approach to cyber risk mitigation.

Requirements

Strong technical expertise in cybersecurity (examples listed: offensive security, defensive security, vulnerability research, malware analysis, incident response, threat intelligence, application security, exploit development, infrastructure security, or cloud security).
Strong judgment about how AI systems may affect the cyber threat landscape, including dual-use, autonomous, or agentic system risks.
Ability to distinguish between legitimate security use cases and assistance that could materially enable harmful cyber activity.
Experience building or applying threat models to complex technical systems, especially in adversarial or high-risk environments.
Ability to translate technical security expertise into structured policy frameworks, evaluation criteria, operational guidance, and enforcement mechanisms.
Comfort using empirical evidence (evaluations, red-teaming results, deployment observations, model failure modes) to inform policy decisions.
Strong systems thinking across policy, evaluations, classifiers, training, deployment safeguards, measurement, and monitoring.
Ability to work cross-functionally with researchers, engineers, product teams, policy experts, and operational stakeholders.
Strong written communication skills for explaining complex technical and security concepts clearly.
A pragmatic approach to safety: focused on reducing real-world risk while preserving legitimate, beneficial, and defensive uses of AI.

Publications

The posting references relevant OpenAI publications and resources (links provided in the original listing), including materials on accelerating cyber defense, Safety at every step, the Safety evaluations hub, the GPT-5.5 System Card, and the OpenAI Model Spec.

Workplace & Location

This role is based in OpenAI's San Francisco office and uses a hybrid model: three days in the office per week with optional work from home on Thursdays and Fridays.
OpenAI states it encourages applications from other locations as factors may change over time.
Relocation support is offered to new employees.

Benefits

Base pay range listed (see salary fields). Total compensation may include equity, performance-related bonuses, and other benefits.
Medical, dental, and vision insurance with employer HSA contributions.
Pre-tax accounts (Health FSA, Dependent Care FSA, commuter expenses).
401(k) with employer match.
Paid parental, medical, and caregiver leave; paid time off policies.
13+ paid company holidays and additional office closures; sick/safe time as required by law.
Mental health and wellness support; employer-paid basic life and disability coverage.
Annual learning and development stipend; daily meals in offices and meal delivery credits as eligible.
Relocation support for eligible employees and other taxable fringe benefits (e.g., charitable donation matching, wellness stipends).

Other notes

Background checks will be administered in accordance with applicable law for applicants.
OpenAI is an equal opportunity employer and provides reasonable accommodations for applicants with disabilities.